When the examiner asks, you need logs — not excuses.
P&C carriers, specialty lines, and MGAs in the $200M–$5B GWP range use 1331 so pricing, underwriting, and claims AI ships with the explainability trail their state DOI exam and the EU AI Act will ask for.
“Insurers should establish, implement, maintain, and document an AI governance program that ensures decisions impacting consumers are accurate, fair, and explainable, with audit trails sufficient to demonstrate compliance upon regulatory request.”
State Insurance Commissioners are now sending questionnaires that ask for line-item AI decision logs going back 12–24 months. Carriers using hosted models with non-persistent or vendor-held logging cannot produce them — that absence is itself an exam finding. EU AI Act compounds the requirement for any insurer with EU exposure, classifying pricing and claims AI as high-risk under Annex III.
“The state DOI just asked for every AI-assisted underwriting decision from the past twelve months, broken out by protected class. Our vendor stores prompts for 30 days. We don't have an answer.”
Carriers typically land on Controlled (dedicated VPC with 24+ month log retention) or Governed (1331 Cloud with contractual isolation and pre-built DOI exam exports). Owned is common when an MGA shares infrastructure with a parent carrier.
Compliance by architecture, not by contract footnote.
24+ month decision-log retention
Every inference — pricing, underwriting, claims triage — is logged with input features, model version, output, and any human override. Retention is configurable per workflow to match each state's exam window.
Adverse action and bias evidence
Pre-built reports for adverse action notification (FCRA-aligned), bias testing across protected classes, and reason-code generation. The artifacts your CCO needs before the DOI asks.
Human-in-the-loop overrides, captured
When an underwriter overrides a model recommendation, the override, the reason code, and the context are first-class audit objects — not a free-text note buried in a policy system.
EU AI Act high-risk readiness
For carriers with EU exposure, Annex III documentation, post-market monitoring, and the data-governance file under Article 10 are produced from the same logs — no parallel compliance program.
The decision is rarely one person.
We've built collateral for each seat at the table — from the GC reading the bulletin to the platform lead writing the diagram.
The hosted-API age of insurance AI is ending. The auditable age is starting.
1331 gives a CCO a DOI exam answer in hours, a Chief Actuary a deployment path that doesn't require a 90-day vendor risk review per model, and a CUO predictable per-decision economics that work in the loss ratio.