Analysis

Insurers lag on AI governance, average disclosure score hits 9.6

Insurers are shipping AI faster than they can govern it, and the disclosure gap is now a procurement problem. A 130-company review found an average score of 9.6 out of 100, with no one clearing a D.

Daniel Reid

Insurtech Insights rated 130 insurers and AI vendors on whether they publicly document how their AI is governed, tested, and monitored. The average score was 9.6 out of 100, and nothing in the review cleared a D.

Governance is now the buying criterion

Public disclosure is still weak across the market. The rating used a rubric anchored to the NIST AI Risk Management Framework and ISO/IEC 42001.

P&C software buyers are no longer evaluating AI as a feature checkbox. A claims platform that can route losses faster means little if the carrier cannot show who approved the model, when it was last tested, what data changed, or how exceptions are escalated to humans. The procurement question has shifted from “what does the model do?” to “who owns it, how is it supervised, and what evidence exists when a regulator asks?”

For underwriting systems, that means pressure on the full decision chain: intake, scoring, referral, and exception handling. For claims, it means triage logic, adjuster override paths, and documentation of when automation stops and human review begins. For fraud detection, it means alert thresholds, false-positive review processes, and logs that show how a flagged claim moved from machine output to investigator action.

What the standards actually demand

NIST’s AI Risk Management Framework is voluntary, but it is built to help organizations manage AI risk and promote trustworthy development and responsible use. NIST’s AI Resource Center also emphasizes testing, evaluation, verification, and validation resources, which is where many insurance deployments get exposed in practice.

NIST sharpened that framework further on July 26, 2024, when it released NIST-AI-600-1, the Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile. Generative tools are increasingly used in customer service, document summarization, claims drafting, and internal assistant workflows. Those use cases create a new governance burden: generated text must be traceable, reviewable, and bounded by policy, not just useful.

ISO/IEC 42001 is the first global standard that defines how to establish, implement, maintain, and continually improve an AI management system. Implementing it means putting in place policies and procedures for the sound governance of AI, using the Plan-Do-Check-Act method.

Why P&C software buyers should care now

In P&C, AI is already touching workflows where the wrong answer has a cost. Underwriting teams need to know whether a model is steering business away from certain risks and whether those decisions can be explained when a submission is declined. Claims leaders need to know whether AI is accelerating straight-through handling or simply creating a faster queue of unreviewed errors. SIU and fraud teams need audit trails that show why a claim was escalated and who made the final call.

Disclosure is becoming a competitive variable. Vendors that can publish clear governance practices are better positioned to win enterprise trust, withstand regulatory scrutiny, and move from pilot to production faster. The market has spent years rewarding speed and feature breadth.

A serious procurement review now needs to ask for specific artifacts, not polished promises:

  • Model inventory and ownership records
  • Version histories for models and rules
  • Testing evidence, including validation and refresh cadence
  • Monitoring logs for drift, bias, performance, and exceptions
  • Human-in-the-loop workflows and escalation paths
  • Audit trails that show who approved changes and when

Regulators are already moving in the same direction

The National Association of Insurance Commissioners adopted its Model Bulletin on the Use of Artificial Intelligence Systems by Insurers on December 4, 2023. A state-action map published in April 2024 shows states taking action to implement or reference that bulletin, which signals that AI oversight is moving from best practice into expectation.

The stakes are higher for carriers in every line of business, but especially for P&C teams that rely on high-volume automation. Once a state insurance department expects a carrier to explain how it governs AI, the burden moves from product teams to the operating model itself. Documentation becomes part of compliance. Monitoring becomes part of oversight. Explainability becomes part of the sale.

AI procurement in P&C insurance is moving from feature comparison to evidence-based diligence. A strong underwriting engine, a faster claims triage workflow, or a better fraud model is no longer enough on its own. Buyers need to see who owns the model, how it is tested, how often it is reviewed, and whether the vendor can stand behind the answers when production use meets regulator scrutiny.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
