NAIC AI model governance for insurers
The NAIC Model Bulletin sets expectations for insurer use of AI. Prism produces the documentation, monitoring, and audit artifacts each pillar requires.
- Fairness testing across protected classes
- Decisioning oversight on adverse-action AI outputs
- Vendor model risk register
- Documented monitoring and incident handling
About this framework
The NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (adopted Dec 2023) is a model regulation that states adopt individually. As of mid-2025, 25+ states have adopted or are adopting it. It sets expectations for insurer governance of AI Systems (AIS) used in any consumer-impacting decision: rating, underwriting, claims, fraud, and marketing. The standard expects a written AIS program proportionate to consumer impact.
Who needs to comply
Industries this applies to
Insurance carriers
Life, P&C, health, and reinsurers using AI in any consumer-impacting decision.
Managing General Agents
MGAs underwriting on behalf of carriers fall under the same expectations.
Healthcare payers
Health insurers using AI in coverage and claims decisioning.
Obligations
What the NAIC Model Bulletin asks insurers to do
- Maintain a written AIS (AI Systems) program scoped to consumer impact
- Run fairness, bias, and disparate-impact testing on consumer-facing models
- Document third-party AI vendor due diligence
- Maintain governance, monitoring, and audit logs proportionate to risk
- Demonstrate accountability for adverse-action decisioning
Mapping
How Prism maps to each pillar
| Obligation | Capability | Evidence |
|---|---|---|
| Fairness and bias testing | Prism Model Audits | Bias and calibration metrics per audit run, comparable across versions |
| Adverse-action decisioning oversight | Prism Agent Trajectories | Step-by-step record of every claim or underwriting decision: input, tools, reasoning, output |
| Third-party AI vendor due diligence | Prism Red Teaming + Prism X register | Adversarial test results pre-deployment; live registry of vendor AI tools in employee use |
| Monitoring and audit logs | Prisms + Sessions | Immutable trace log; conversation-level review for compliance officers |
Built for: Insurance carriers, reinsurers, and managing general agents adopting NAIC's model bulletin
Related
AI Model Audits
Model audits give you a structured review of model behavior, risk profile, and readiness for production, before deployment, not after incidents.
Agent Observability
Trajectory evaluation decomposes multi-step agent runs into ordered steps and scores each run on goal adherence, tool compliance, efficiency, and safety, automatically on ingest.
AI Red Teaming
Structured adversarial testing to find prompt injection vulnerabilities, guardrail bypasses, and unsafe behaviors, before they reach production.
Model Risk Management for AI — SR 11-7 Revised Guidance
The interagency Revised Guidance on Model Risk Management supersedes SR 11-7 and SR 21-8. The three-pillar discipline carries forward, scaled to each bank's model risk profile. Prism produces the evidence at every tier.
NY DFS Part 500 AI Compliance
23 NYCRR Part 500 applies to AI used by covered financial entities. Prism produces the evidence each section asks for, and Prism X covers third-party AI tool risk.
AI Compliance for Lenders: CFPB / ECOA / Reg B — Prism
The CFPB has confirmed ECOA and Reg B apply to AI-driven credit decisions. Adverse-action notices need specific reasons. Prism Agent Trajectories and Model Audits produce them.
AI governance for insurance
Insurers face NAIC's Model Bulletin and a patchwork of state-level AI rules. Prism gives carriers one platform to produce the evidence each one demands.
AI compliance for healthcare payers
PHI cannot reach a model unscrubbed. Prism Guardrails strip 18 Safe Harbor identifiers at ingestion; Prism X blocks employees from pasting PHI into consumer AI tools.