Top Nine Resources for Writing an AIS Policy

Post 1 of 3 on Authoring Artificial Intelligence System (AIS) Policies for P&C Insurers Leveraging NIST Frameworks and NAIC Guidance for Trustworthy AI (Resources)

Property and Casualty (P&C) insurers understand that the potential of AI comes with a need for robust AI governance policies and processes to ensure stable model performance and compliance. With so many resources available, it can be overwhelming to know where to start. Over the last few months of working with various insurers, we’ve identified nine key resources to consider when writing AIS policies. Each document is listed below with a link. Post 2 of this series explores a structured approach for developing AIS policies specifically for P&C Underwriting, and Post 3 covers Claims.

Two future posts will explore a structured approach for developing AIS policies specifically for Underwriting and Claims featuring the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF 1.0), the Generative AI Profile (NIST AI 600-1), and the NAIC Model Bulletin on AI Systems.

  1. NAIC Principles of Artificial Intelligence (2020)
     Establishes high-level guiding principles for ethical AI use in the insurance industry.
     Stakeholders: Chief Compliance Officer, Chief Innovation Officer, CIO, Compliance Teams, Innovation Teams
  2. NAIC Model Bulletin: Use of Artificial Intelligence Systems by Insurers (2023)
     Provides specific regulatory guidance directly relevant to compliance and risk management for insurers.
     Stakeholders: Chief Compliance Officer, Chief Innovation Officer, CIO, Compliance Teams, Innovation Teams
  3. NIST AI 100-1: AI Risk Management Framework 1.0 (2023)
     The National Institute of Standards and Technology framework offers a structured approach to identifying, assessing, and mitigating risks associated with AI. It provides guidelines that help organizations ensure their AI systems are reliable, safe, and trustworthy. Insurers can adapt these risk management strategies to enhance their models’ integrity and credibility.
     Stakeholders: CIO, CDO, CISO, IT Risk Management Teams, IT Security Teams
  4. NIST AI 600-1: AI Risk Management Framework for Generative AI (2024)
     A companion publication to the NIST AI 100, the 600-1 publication focuses on managing the unique risks of generative AI to help ensure organizational readiness for advanced AI technologies.
     Stakeholders: CIO, CDO, CISO, IT Risk Management Teams, IT Security Teams
  5. U.S. Department of the Treasury Annual Report on the Insurance Industry (2024)
     Addresses the integration of artificial intelligence (AI) systems within the insurance industry, highlighting opportunities and challenges and emphasizing the importance of transparency, fairness, and regulatory compliance.
     Stakeholders: C-Suite, Compliance and Regulatory Affairs, Strategic Planning Teams, Underwriting Leadership
  6. AI Organizational Responsibilities – Governance, Risk Management, Compliance, and Cultural Aspects (2024)
     Published by the Cloud Security Alliance, this whitepaper outlines various roles and responsibilities in AI strategy, compliance, technical security, and operations. While not insurance-specific, it can help leaders identify and understand those roles and responsibilities.
     Stakeholders: CISOs, AI developers
  7. Regulation of Artificial Intelligence in Insurance (2023) – The Geneva Association
     Examines how emerging frameworks and standards address the use of AI by insurers and emphasizes the balance between fostering innovation and ensuring fairness, transparency, and consumer protection. The report calls for principles-based approaches, collaborative efforts among stakeholders, robust governance mechanisms, and continuous oversight to maintain trust as AI becomes more integral to underwriting, claims, and other processes.
     Stakeholders: C-Suite, Senior Management, Compliance and Regulatory Affairs, Underwriting and Actuarial Teams, Product Development and Innovation Teams
  8. Deloitte 2024 Insurance Regulatory Outlook
     Highlights broader regulatory trends, including climate and solvency issues, as well as the increasing use of AI in insurance. For executives, this provides context for long-term policy planning.
     Stakeholders: Chief Compliance Officer, Chief Innovation Officer, CIO, Compliance Teams, Innovation Teams
  9. United States Blueprint for an AI Bill of Rights (2022)
     Outlines key principles and protections to ensure that U.S. AI systems are developed and deployed in ways that uphold democratic values and respect individual rights. It highlights five core protections: safe and effective systems, freedom from algorithmic discrimination, data privacy, notice and explanation, and human alternatives or fallback.
     Stakeholders: C-Suite and Senior Management, Compliance and Regulatory Teams, Data Science, Analytics, Risk Management, Marketing, Customer Experience, and Product Development Teams

These nine documents provide a critical starting point, with foundational guidance and frameworks to help insurers craft AIS policies. Reviewing these resources will help business leaders, compliance and innovation teams, IT security specialists, and data science teams align on best practices for ensuring their AI systems are responsible, transparent, and compliant.

Posts two and three of this series apply NIST and NAIC guidelines to underwriting and claims.
