AI systems placed on the EU market. Insurance life & health pricing and risk assessment are Annex III high-risk.
How we align: Risk-tier classification at design time. High-risk systems get a technical file, risk management system, data governance record, logging, human oversight design, accuracy/robustness/cybersecurity evidence, and post-market monitoring — mapped to Articles 9–15 and 72.
Evidence: Technical file template · Annex IV mapping · post-market monitoring plan.
US state insurance regulators' expectations for AI/ML governance.
How we align: AI governance program with board-level accountability, written policies, third-party AI oversight, testing for bias & discrimination, documentation, and consumer-complaint handling. Bulletin-aligned control matrix maintained per carrier engagement.
Evidence: Governance framework doc · vendor oversight register · bias testing evidence per model.
Colorado unfair-discrimination testing for external consumer data and AI in life insurance.
How we align: Quantitative testing for disparate impact across protected classes using approved methodology; remediation workflow if disparity found; annual reporting cadence.
Evidence: Testing plan · results file format compatible with Colorado DOI submission.
New York expectations for use of AI and ECDIS in insurance underwriting and pricing.
How we align: Governance, risk management, fairness testing, transparency to consumers, and third-party oversight controls mapped to the Circular's expectations.
Evidence: Control-mapping matrix on request.
Model risk management — widely adopted by US insurers even where not strictly required.
How we align: Model inventory, development documentation, independent validation, ongoing performance monitoring, and clear model ownership for every production model.
Evidence: Model inventory extract · validation report samples.
UK fair-customer-outcomes duty and model risk management principles for regulated firms.
How we align: Outcome monitoring at customer-cohort level, vulnerable-customer routing, and model risk framework aligned to SS1/23 tiers.
Evidence: Consumer Duty monitoring pack · SS1/23 tier assignment log.
AI management system standard — the ISO 27001 equivalent for AI.
How we align: AIMS controls layered on our existing ISO 27001 ISMS: AI policy, roles, impact assessment, lifecycle controls, and supplier obligations.
Evidence: AIMS statement of applicability on request.
Voluntary framework — Govern, Map, Measure, Manage functions.
How we align: Program mapped to the four functions; used as the internal reference model for engagements without a specific regulatory anchor.
Evidence: RMF crosswalk to our internal controls.