See how Forma Health supervises their AI
Bulletin No. MC-25Adopted

AI governance for Connecticut insurers

The Connecticut Insurance Department issued Bulletin No. MC-25 on February 26, 2024, adopting the NAIC Model Bulletin on the Use of AI Systems by Insurers and replacing its April 2022 notice on big data. It reminds insurers that any decision affecting consumers must comply with Connecticut law, including CUIPA and the state's rating laws, regardless of whether AI supported it, and it expects every authorized insurer to maintain a written AIS Program. The Department recognizes the NAIC AI Principles and lets the program rely on a recognized framework such as the NIST AI Risk Management Framework v1.0. Connecticut adds its own requirement: domestic insurers must file an annual Artificial Intelligence Certification, first due September 1, 2024.

Talk to an expertExplore the hub
BulletinMC-25
IssuedFebruary 26, 2024
EffectiveUpon issuance
BasisNAIC model bulletin

What Connecticut expects from your AIS Program

Connecticut adopted the NAIC model with some changes. The four pillars below are the shared foundation.

Governance

A written program with clear ownership. Senior management is accountable to the board, and a cross-functional body oversees AI across its whole life cycle.

Risk Management & Internal Controls

Controls at every stage of the model life cycle, from data sourcing through retirement, sized to the potential harm to consumers.

Third-Party AI Systems & Data

The insurer stays responsible for AI it did not build. Vendor relationships need diligence, contract rights, and the ability to produce evidence.

Documentation & Audit-Readiness

Section 4 spells out what an examiner can ask for. Treating that list as a standing requirement is what keeps a program defensible.

Legal authority

The Connecticut Insurance Department grounds the bulletin in laws it already enforces:

  • Connecticut Unfair Insurance Practices Act (CUIPA)Conn. Gen. Stat. §38a-815 to §38a-819
  • Personal and Commercial Risk Insurance Rating PracticesConn. Gen. Stat. §38a-663 et seq.
  • Corporate Governance Annual DisclosureConn. Gen. Stat. §38a-142a

Who it applies to

The bulletin reaches every entity holding a Connecticut certificate of authority, including:

  • Property and casualty insurers
  • Life and annuity insurers
  • Health insurers and HMOs
  • All other insurers licensed to do business in Connecticut

State-specific changes: Connecticut tracks the NAIC model but adds an annual Artificial Intelligence Certification for domestic insurers, first due September 1, 2024 and annually thereafter. It also expressly allows the AIS Program to rely on a recognized framework such as the NIST AI Risk Management Framework v1.0.

Learn the basics

Resources for Connecticut insurers

Start with these plain-language explainers and field guides.

Guide

What is the NAIC Model Bulletin on AI?

The NAIC Model Bulletin on the Use of AI Systems by Insurers is the template most states use to set AI governance expectations. Here is what it says and why it matters.

Guide

What is an AIS Program?

An AI Systems Program (AIS Program) is the written program the NAIC Model Bulletin expects every insurer to maintain. Here are its four pillars and what each one requires.

Guide

What are the NAIC AI Principles?

The NAIC AI Principles, adopted in 2020, are the foundation beneath every state AI bulletin. The five principles spell FACTS: Fair, Accountable, Compliant, Transparent, and Secure.

Guide

AI in Insurance: Key Regulatory Definitions

The NAIC Model Bulletin defines the terms that carry legal weight, from AI System to Adverse Consumer Outcome to Model Drift. Here is what each one means for insurers.

Article

Insurance Regulators Are Forcing AI Governance. Most Carriers Aren't Ready.

State insurance regulators and bar associations are sounding the alarm on AI in insurance. Legal and regulatory pressure is forcing insurers to operationalize AI governance, not just document it.

Article

The NAIC Bulletin Is the Floor Your Reinsurer Will Hold You To

Twenty-four jurisdictions have adopted the NAIC Model Bulletin on AI. Most carrier compliance teams are working to the regulatory text. Their reinsurers will use the same document as an evidentiary baseline at the next placement, and the cedent that meets the floor and stops there is preparing for the wrong audience.

Connecticut AI governance FAQs

What is Connecticut Bulletin No. MC-25?
It is the bulletin the Connecticut Insurance Department issued on February 26, 2024 adopting the NAIC Model Bulletin on the Use of AI Systems by Insurers. It tells insurers that existing Connecticut insurance laws apply to any decision an AI system touches, expects each insurer to maintain a written AIS Program, and requires domestic insurers to file an annual Artificial Intelligence Certification.
Which companies have to comply in Connecticut?
Every insurer licensed to do business in Connecticut, across property and casualty, life, and health lines. The annual Artificial Intelligence Certification, however, applies only to Connecticut domestic insurers.
What is the Artificial Intelligence Certification?
Connecticut domestic insurers must file an annual certification, first due September 1, 2024 and annually thereafter, stating either that they do not use AI Systems or that their use of AI is substantially consistent with the bulletin. It replaces the data certification from the Department's April 2022 notice.
Can our AIS Program use the NIST AI Risk Management Framework?
Yes. MC-25 states the AIS Program may adopt, incorporate, or rely upon a framework developed by an official third-party standards organization, such as the NIST AI Risk Management Framework v1.0, in whole or in part.
How will Connecticut enforce it?
Through existing authority. The bulletin grounds its expectations in CUIPA (Conn. Gen. Stat. §38a-815 to §38a-819), the state's rating laws (Conn. Gen. Stat. §38a-663 et seq.), and the Corporate Governance Annual Disclosure statute (Conn. Gen. Stat. §38a-142a). The Department can request AIS Program documentation during market conduct investigations and examinations.
Sources
  1. Connecticut Insurance Department: Bulletin No. MC-25 (Feb 26, 2024)
  2. Connecticut Insurance Department press release on MC-25 (Feb 28, 2024)
  3. NAIC Model Bulletin on the Use of AI Systems by Insurers (Dec 4, 2023)
  4. Conn. Gen. Stat. §38a-815 to §38a-819 (Unfair Insurance Practices Act, Chapter 704)
  5. Conn. Gen. Stat. §38a-663 et seq. (Insurance Rating Practices, Chapter 701)
  6. Conn. Gen. Stat. §38a-142a (Corporate Governance Annual Disclosure, Chapter 698)

Get audit-ready for Connecticut Bulletin MC-25

Swept AI supervises your models and produces the AIS Program evidence Connecticut examiners can request.

Book a demoExplore the platform