Responsible AI · Model Governance

AI you can put in front of a regulator.

Every model we ship to a carrier arrives with a model card, an evaluation record, a human-in-the-loop pattern, bias & fairness evidence, and a mapping to the regulations that apply — EU AI Act, NAIC Model Bulletin, Colorado SB21-169, NY DFS Circular 7, SR 11-7, UK Consumer Duty & SS1/23, ISO/IEC 42001, and NIST AI RMF.

This page describes our governance program and the artifacts we produce per engagement. It is not legal advice or an attestation of compliance for any specific carrier deployment — engagement-level scope and evidence are agreed in contract.

Six principles we build to

Human accountability

A named human owns every model decision path. AI proposes; a licensed professional or authorised officer decides where it matters.

Purpose-fit risk tiering

Every use case is classified against the EU AI Act, NAIC Bulletin, and SR 11-7 before build. Governance depth scales with risk.

Evidence by default

Model cards, datasheets, eval reports, and validation memos are produced during build — not retrofitted for an audit.

Fairness is tested, not asserted

Quantitative bias & fairness testing on stratified cohorts, with remediation workflow when thresholds are missed.

Explainability where it matters

Adverse decisions and referrals ship with source citations or feature attributions the human reviewer can act on.

Kill-switch always available

Every production model has a documented, tested rollback and a shadow-mode fallback. No model is load-bearing without one.

Model cards

A representative sample of the model cards we ship. Each production model in a carrier engagement gets a card of this shape, kept current and available to the carrier's model risk and compliance teams.

Claims FNOL Triage

High-risk (EU AI Act Annex III)

Motor & property first-notice-of-loss classification, severity scoring, and routing.

Inputs:
FNOL free-text, telematics summary, policy metadata, prior-claim features.
Outputs:
Severity band (1–5), fast-track eligibility, suggested handler pod, confidence score.
Human-in-the-loop:
Every decline / fast-track override reviewed by a licensed adjuster before customer notification. Confidence < 0.75 auto-routes to human.
Primary metric:
Balanced accuracy vs. adjuster gold-standard; leakage-cost delta.
Fairness testing:
Demographic parity + equalised odds tested across postcode-derived income deciles and age bands. Quarterly re-test.
Refresh cadence: Quarterly retrain; drift-triggered off-cycle.

Underwriting Submission Extraction

Limited risk

Commercial & specialty submission ingestion — SOV, loss runs, broker email threads.

Inputs:
PDF/XLSX submissions, broker email bodies, prior-year benchmark data.
Outputs:
Structured risk record, exposure summary, referral flags, missing-info list.
Human-in-the-loop:
Underwriter is the decision-maker. Model outputs are proposals with source-document citations; no auto-bind.
Primary metric:
Field-level extraction F1 vs. UW-verified ground truth; cycle-time to quote.
Fairness testing:
Not a rating model. Monitored for systematic under-extraction on non-English submissions and small-broker templates.
Refresh cadence: Monthly eval on rolling sample; retrain on template drift.

Fraud & SIU Signal

High-risk (EU AI Act Annex III)

Suspicious-claim detection for motor bodily injury and property.

Inputs:
Claim narrative, network features, prior-claim history, external watchlists (contracted).
Outputs:
SIU-referral score with top contributing signals (SHAP-style explanations).
Human-in-the-loop:
Model never denies a claim. Scores above threshold create an SIU referral; investigator makes the call.
Primary metric:
Precision @ investigator-capacity; false-positive rate by cohort.
Fairness testing:
Adverse-impact ratio tested across protected proxies; disparate-impact review before each release.
Refresh cadence: Quarterly retrain with SIU feedback loop.

Contact-Centre Voice Agent (FPT.AI)

Limited risk

Inbound policyholder servicing — status checks, endorsements intake, callback booking.

Inputs:
Live audio, policy context, prior interaction history.
Outputs:
Task completion, transcript, sentiment, escalation flag.
Human-in-the-loop:
Warm-transfer to human on complaint keywords, sentiment threshold, vulnerable-customer signals, or any coverage decision.
Primary metric:
First-contact resolution; escalation appropriateness; WER by accent cohort.
Fairness testing:
WER parity tested across accent, gender and age cohorts; vulnerable-customer routing audited monthly.
Refresh cadence: Monthly prompt & tool eval; ASR model quarterly.

Reserving & Portfolio Analytics

Minimal risk

Actuarial support — reserve triangulation, portfolio drift detection.

Inputs:
Aggregated triangles, exposure, calendar-year features.
Outputs:
Reserve range, driver decomposition, outlier flags.
Human-in-the-loop:
Chief Actuary owns the sign-off. Model is a decision-support tool, not a booking system.
Primary metric:
Back-tested reserve error vs. ultimate; stability of driver decomposition.
Fairness testing:
N/A — no individual-level decisions.
Refresh cadence: Quarterly, aligned to reserving cycle.

Broker/Distribution Copilot

Limited risk

Internal assistant for producers — product Q&A, appetite lookup, quote assembly.

Inputs:
Broker query, appetite guides, rate books (retrieval-grounded).
Outputs:
Grounded answer with citations to source documents.
Human-in-the-loop:
Producer is the user; every answer shows sources. No customer-facing outputs without producer review.
Primary metric:
Groundedness (citation-supported claim rate), producer thumbs-up rate.
Fairness testing:
Refusal-rate parity across product lines; hallucination audit weekly on held-out queries.
Refresh cadence: Continuous retrieval refresh; model prompt eval weekly.

Evaluation methodology

Eight stages from use-case charter to post-market review. Every stage produces named artifacts that live in the model file and are shareable with the carrier's model risk function and their regulators.

  1. Stage 1
    1. Design & risk classification

    Use-case registered in the AI inventory. EU AI Act risk tier, NAIC Model Bulletin category, and SR 11-7 materiality assigned before any code is written.

    Artifacts
    AI use-case charter · risk tier memo · intended-use statement.
  2. Stage 2
    2. Data readiness

    Lineage, consent basis, retention, and residency confirmed. PII/PHI classified. Training data documented in a datasheet.

    Artifacts
    Datasheet for datasets · DPIA · lawful-basis record · residency map.
  3. Stage 3
    3. Offline evaluation

    Held-out test sets stratified by line of business, geography, and protected-proxy cohorts. Primary metric + guardrail metrics defined up-front.

    Artifacts
    Eval plan · test-set manifest · metric report with cohort breakdowns.
  4. Stage 4
    4. Bias, fairness & robustness

    Demographic parity, equalised odds, adverse-impact ratio, and calibration by cohort. Adversarial prompts and out-of-distribution stress for GenAI. Explainability review.

    Artifacts
    Fairness report · robustness report · SHAP / attention-attribution samples.
  5. Stage 5
    5. Independent validation

    Second-line review by a validator not involved in build. Challenger model or benchmark comparison for material models. SR 11-7-style effective challenge.

    Artifacts
    Validation report · challenger comparison · sign-off memo.
  6. Stage 6
    6. Human-in-the-loop design

    HITL pattern chosen per decision: gate, review, sample-audit, or observe-only. Override UX and audit trail specified. Vulnerable-customer paths defined.

    Artifacts
    HITL pattern spec · override runbook · UX flows.
  7. Stage 7
    7. Deployment & monitoring

    Shadow-mode → canary → phased rollout. Live monitoring for drift, performance decay, cohort-level regressions, and prompt-injection signals. Kill-switch tested.

    Artifacts
    Rollout plan · monitoring dashboard · incident runbook · kill-switch test log.
  8. Stage 8
    8. Post-market review

    Quarterly model review board with business owner, model risk, compliance, and delivery. Incidents feed back into next design cycle.

    Artifacts
    Model review minutes · KPI/KRI pack · regulator-ready evidence bundle.

Human-in-the-loop patterns

We choose the pattern that fits the decision, not one-size-fits-all. The pattern is specified in the model card and enforced in the UX.

Gate — human decides

When: Coverage decisions, declines, cancellations, SIU referrals, complaint handling, any decision with legal or financial adverse effect on a customer.

Example: Fraud model produces a score; investigator opens or closes the referral. Model never denies a claim.

Review — human confirms

When: Material extractions or classifications where the model is usually right but errors are costly.

Example: Submission extraction: underwriter confirms exposures before quoting. Every field cites its source page.

Sample audit — human spot-checks

When: High-volume, low-severity tasks where per-item review is uneconomic and errors are recoverable.

Example: Voice-agent transcripts: QA team audits a stratified sample daily; every complaint keyword auto-routes to human.

Observe-only — human monitors trend

When: Analytical outputs that never touch an individual customer decision.

Example: Portfolio drift dashboards for actuarial teams. No HITL per record; governance is at the report level.

Bias & fairness testing

Fairness is a quantitative property of a model on a defined population. We test it before release, on a schedule after release, and when input distributions drift.

Where protected attributes cannot be collected (most insurance data), we use regulator-accepted proxies — BISG for race/ethnicity in the US, geography- and name-based methods elsewhere — with the limitations disclosed in the fairness report.

What we measure
  • Demographic paritySelection rates by cohort — flags disparate treatment.
  • Equalised oddsTPR and FPR parity — flags disparate performance.
  • Adverse-impact ratioThe 80% rule benchmark familiar to US regulators.
  • Calibration by cohortPredicted vs. observed rates per group — flags mis-ranking.
  • Refusal & escalation parityFor GenAI: does the model help every cohort equally?
  • Speech recognition parityWER by accent, gender, and age cohort for voice systems.

Thresholds are agreed with the carrier's compliance function before release. A miss triggers a documented remediation workflow, not a silent override.

Regulatory & framework alignment

What each regulation or framework requires, and what we do about it. Full control mappings and evidence are available under NDA.

EU AI Act

AI systems placed on the EU market. Insurance life & health pricing and risk assessment are Annex III high-risk.

How we align: Risk-tier classification at design time. High-risk systems get a technical file, risk management system, data governance record, logging, human oversight design, accuracy/robustness/cybersecurity evidence, and post-market monitoring — mapped to Articles 9–15 and 72.

Evidence: Technical file template · Annex IV mapping · post-market monitoring plan.

NAIC Model Bulletin on the Use of AI Systems by Insurers

US state insurance regulators' expectations for AI/ML governance.

How we align: AI governance program with board-level accountability, written policies, third-party AI oversight, testing for bias & discrimination, documentation, and consumer-complaint handling. Bulletin-aligned control matrix maintained per carrier engagement.

Evidence: Governance framework doc · vendor oversight register · bias testing evidence per model.

Colorado SB21-169 & Reg 10-1-1

Colorado unfair-discrimination testing for external consumer data and AI in life insurance.

How we align: Quantitative testing for disparate impact across protected classes using approved methodology; remediation workflow if disparity found; annual reporting cadence.

Evidence: Testing plan · results file format compatible with Colorado DOI submission.

NY DFS Circular Letter No. 7 (2024)

New York expectations for use of AI and ECDIS in insurance underwriting and pricing.

How we align: Governance, risk management, fairness testing, transparency to consumers, and third-party oversight controls mapped to the Circular's expectations.

Evidence: Control-mapping matrix on request.

US Federal SR 11-7 / OCC 2011-12

Model risk management — widely adopted by US insurers even where not strictly required.

How we align: Model inventory, development documentation, independent validation, ongoing performance monitoring, and clear model ownership for every production model.

Evidence: Model inventory extract · validation report samples.

UK FCA Consumer Duty & PRA SS1/23

UK fair-customer-outcomes duty and model risk management principles for regulated firms.

How we align: Outcome monitoring at customer-cohort level, vulnerable-customer routing, and model risk framework aligned to SS1/23 tiers.

Evidence: Consumer Duty monitoring pack · SS1/23 tier assignment log.

ISO/IEC 42001

AI management system standard — the ISO 27001 equivalent for AI.

How we align: AIMS controls layered on our existing ISO 27001 ISMS: AI policy, roles, impact assessment, lifecycle controls, and supplier obligations.

Evidence: AIMS statement of applicability on request.

NIST AI RMF 1.0

Voluntary framework — Govern, Map, Measure, Manage functions.

How we align: Program mapped to the four functions; used as the internal reference model for engagements without a specific regulatory anchor.

Evidence: RMF crosswalk to our internal controls.

Data residency for AI

Training data, inference traffic, and model artifacts stay in the region agreed with the carrier. Delivery access is via zero-trust jump hosts with session recording — no client production PII is stored at rest in Vietnam delivery centres.

RegionDefault residencyNotes
EU / EEAFrankfurt or Dublin (AWS / Azure). Training and inference stay in-region.SCCs + supplementary measures for any transfer. Vietnam delivery access via zero-trust jump host, no data at rest.
United KingdomLondon region. UK GDPR + UK-EU adequacy relied upon.UK IDTA / Addendum executed with carriers on request.
United Statesus-east or us-west; HIPAA-eligible services for A&H / workers' comp / disability.State-specific residency (e.g. NYDFS, Colorado) supported on request.
APACSingapore or Tokyo default. Australia (Sydney) with IRAP-assessed services for local carriers.In-country residency available for Japan and Korea engagements.

Third-party foundation models (where used) are called from in-region endpoints under zero-retention agreements. Sovereign deployments use FPT.AI models hosted in the carrier's chosen region — see the FPT.AI platform page.

Send this to your risk & compliance team.

Model cards, eval reports, fairness testing evidence, EU AI Act technical file, NAIC Bulletin control mapping, and DPAs are available under NDA. We'll walk your model risk function through the ones that matter for your programme.

Questions on model governance: modelrisk@fptinsure.com · Responsible disclosure: security@fptinsure.com