Bulletin 24-04: Adopted

AI governance for Iowa insurers

The Iowa Insurance Division issued Bulletin 24-04 on November 7, 2024, adopting the NAIC Model Bulletin on the Use of AI Systems by Insurers. It reminds every insurer holding a certificate of authority in Iowa that decisions and actions impacting consumers must comply with Iowa insurance law, including the laws on unfair trade practices and unfair discrimination, regardless of whether an AI System supported them. The bulletin recognizes the NAIC's 2020 Principles on Artificial Intelligence and lets an insurer's AIS Program rely in whole or in part on a recognized framework such as the NIST AI Risk Management Framework, Version 1.0. Iowa also went further than most adopters: it is the first state to define bias and to define outcomes testing, and the Division signals that supplementary guidance on third-party AI governance is coming.

Bulletin: 24-04
Issued: November 7, 2024
Effective: Upon issuance
Basis: NAIC model bulletin

What Iowa expects from your AIS Program

Iowa adopted the NAIC model with some changes. The four pillars below are the shared foundation.

Governance

A written program with clear ownership. Senior management is accountable to the board, and a cross-functional body oversees AI across its whole life cycle.

Risk Management & Internal Controls

Controls at every stage of the model life cycle, from data sourcing through retirement, sized to the potential harm to consumers.

Third-Party AI Systems & Data

The insurer stays responsible for AI it did not build. Vendor relationships need diligence, contract rights, and the ability to produce evidence.

Documentation & Audit-Readiness

Section 4 spells out what an examiner can ask for. Treating that list as a standing requirement is what keeps a program defensible.

Legal authority

The Iowa Insurance Division grounds the bulletin in laws it already enforces:

  • Insurance Trade Practices: Iowa Code Chapter 507B (incl. §507B.4)
  • Casualty Insurance, Regulation of Rates: Iowa Code §§515F.1-515F.19
  • Corporate Governance Annual Disclosure: Iowa Code Chapter 521H
  • Examination of Insurance Companies: Iowa Code Chapter 507

Who it applies to

The bulletin reaches every entity holding an Iowa certificate of authority, including:

  • Property and casualty insurers
  • Life and annuity insurers
  • Health insurers and HMOs
  • All insurers holding an Iowa certificate of authority

State-specific changes: Iowa tracks the NAIC model but adds its own definitions of bias and outcomes testing, allows the AIS Program to incorporate a third-party framework such as the NIST AI Risk Management Framework, Version 1.0, and notes that supplementary guidance on third-party AI systems is anticipated. The core program expectations match the national framework.

Learn the basics

Resources for Iowa insurers

Start with these plain-language explainers and field guides.

Guide

What is the NAIC Model Bulletin on AI?

The NAIC Model Bulletin on the Use of AI Systems by Insurers is the template most states use to set AI governance expectations. Here is what it says and why it matters.

Guide

What is an AIS Program?

An AI Systems Program (AIS Program) is the written program the NAIC Model Bulletin expects every insurer to maintain. Here are its four pillars and what each one requires.

Guide

What are the NAIC AI Principles?

The NAIC AI Principles, adopted in 2020, are the foundation beneath every state AI bulletin. The five principles spell FACTS: Fair, Accountable, Compliant, Transparent, and Secure.

Guide

AI in Insurance: Key Regulatory Definitions

The NAIC Model Bulletin defines the terms that carry legal weight, from AI System to Adverse Consumer Outcome to Model Drift. Here is what each one means for insurers.

Article

Insurance Regulators Are Forcing AI Governance. Most Carriers Aren't Ready.

State insurance regulators and bar associations are sounding the alarm on AI in insurance. Legal and regulatory pressure is forcing insurers to operationalize AI governance, not just document it.

Article

The NAIC Bulletin Is the Floor Your Reinsurer Will Hold You To

Twenty-four jurisdictions have adopted the NAIC Model Bulletin on AI. Most carrier compliance teams are working to the regulatory text. Their reinsurers will use the same document as an evidentiary baseline at the next placement, and the cedent that meets the floor and stops there is preparing for the wrong audience.

Iowa AI governance FAQs

What is Iowa Bulletin 24-04?
It is the bulletin the Iowa Insurance Division issued on November 7, 2024, adopting the NAIC Model Bulletin on the Use of AI Systems by Insurers. It tells insurers that existing Iowa insurance laws apply to any decision an AI system touches and expects each insurer to maintain a written AIS Program.
Which companies have to comply in Iowa?
Any insurer holding a certificate of authority to do business in Iowa, across property and casualty, life, and health lines. The bulletin is not limited to a single line of business.
Can our AIS Program use the NIST AI Risk Management Framework?
Yes. Bulletin 24-04 states the AIS Program may adopt, incorporate, or rely upon, in whole or in part, a framework or standards developed by an official third-party standard organization, such as the NIST Artificial Intelligence Risk Management Framework, Version 1.0.
Does Iowa add anything beyond the NAIC model?
Yes. Iowa is the first state to define bias, which the Division encourages insurers to identify and manage, and it defines outcomes testing as validating that a model works as intended and does not produce unfairly discriminatory outcomes. The Division also anticipates issuing supplementary guidance on the governance of third-party AI systems.
How will Iowa enforce it?
Through existing authority. The bulletin grounds itself in the Insurance Trade Practices law (Iowa Code Chapter 507B, including section 507B.4 and Iowa Administrative Code chapter 191-15), the rate regulation provisions for casualty insurance (Iowa Code sections 515F.1 through 515F.19), the Corporate Governance Annual Disclosure Act (Chapter 521H), and the Division's authority to examine insurers (Chapter 507). The Division can request AIS Program documentation during investigations and market conduct actions.
