State insurance examiners now routinely ask five categories of AI-related questions during financial and market conduct examinations: model inventory, data governance, bias testing, performance monitoring, and decision audit trails. Most carriers can answer the first. Few can answer the rest with timestamped, audit-ready evidence. The gap between what examiners expect and what carriers can produce is widening with every examination cycle.
The Examination Landscape Is Shifting
Financial examinations in insurance follow the NAIC's Financial Condition Examiners Handbook, updated annually to reflect emerging risks. Market conduct examinations follow a parallel handbook focused on policyholder treatment, claims practices, and sales conduct. Both examination types are incorporating AI-specific inquiries with increasing depth.
The NAIC's model bulletin on the use of AI by insurers, adopted in December 2023, established expectations that state regulators are now operationalizing through examination procedures. The bulletin did not create new legal requirements. It articulated how existing insurance regulatory principles, including unfair discrimination prohibitions, rate adequacy standards, and market conduct obligations, apply to AI systems. Examiners are using these principles as the basis for their inquiries.
This distinction matters. Carriers that view AI governance as a future compliance obligation are misreading the regulatory environment. Examiners are asking carriers to demonstrate that they already govern their AI systems. The shift from prospective guidance to retrospective examination is happening now, and carriers that are unprepared are discovering the gap during the examination itself, which is the worst possible time to discover it.
What Examiners Are Asking
Examination inquiries related to AI cluster around five categories. Each requires specific documentation that ongoing governance produces naturally but retroactive preparation produces poorly.
Model inventory and classification. Examiners want a complete inventory of AI and machine learning systems used in insurance operations: underwriting models, claims triage systems, fraud detection algorithms, pricing models, customer-facing chatbots, and any automated decision system that affects policyholders. For each system, examiners expect classification by risk tier: how consequential are the decisions, and what is the potential for consumer harm?
The common gap: carriers know their major production models but lose track of smaller systems, embedded vendor models, and AI components within larger software platforms. A claims management system that includes an AI-powered severity estimator counts as an AI system, even if the carrier thinks of it as "just a feature of the platform." Examiners are increasingly sophisticated about identifying AI components that carriers have not cataloged.
Data governance documentation. For each AI system, examiners want to know what data the model was trained on, how that data was collected, what quality controls were applied, and whether the training data reflects the population the model serves. Data lineage, the documented chain from raw data source through processing to model input, is becoming a standard examination request.
The common gap: many carriers can describe their data sources in general terms but cannot produce documented data quality assessments or demonstrate that training data was evaluated for representativeness. A model trained on 10 years of claim data may underrepresent claim patterns from populations that were historically underinsured. Examiners are learning to ask about representation gaps, and "we used all available data" does not satisfy.
Bias testing and fairness analysis. Examiners are asking carriers to produce evidence that AI systems have been tested for unfair discrimination: disparate impact analysis across protected classes, documentation of the fairness metrics used, and evidence of remediation when bias was detected. The NAIC bulletin specifically references the need for carriers to test for proxy discrimination, where facially neutral variables correlate with protected characteristics.
The common gap: carriers that conduct bias testing typically do so at model deployment and do not repeat the analysis on a regular cadence. A model that passed fairness testing at deployment can develop biased patterns over time as the data it processes shifts. Examiners are beginning to ask not just whether bias testing was performed, but when it was last performed and what results each interval showed.
Performance monitoring evidence. Examiners want evidence that AI systems are monitored for ongoing accuracy and reliability: performance metrics tracked over time, documentation of degradation events, and evidence of remediation actions taken when performance declined.
The common gap: aggregate performance metrics that look healthy at the top level but have not been disaggregated by meaningful segments. A claims model that maintains 92% accuracy overall may perform at 78% accuracy on a specific claim type representing 8% of volume. Examiners are learning to ask for segment-level performance data, and carriers that only track aggregate metrics cannot produce it on demand.
Decision audit trails. For consumer-impacting decisions, examiners want to trace specific outcomes back to the AI system's inputs and processing. If a policyholder's claim was denied or their premium increased, the carrier should be able to explain what factors the system considered and how it reached that output. Full algorithmic transparency is not always achievable with complex models, but carriers must demonstrate they can reconstruct the general basis for individual decisions.
The common gap: carriers can explain how their models work in general but cannot trace a specific decision for a specific policyholder. The distance between "this model considers these 47 variables" and "this policyholder's premium increase was driven primarily by these three factors" is vast. Examiners are increasingly asking for the latter.
The Documentation Quality Problem
Suppose a carrier assembles technically complete documentation in 30 days before an examination. Here is why that documentation is weaker than evidence produced through ongoing governance.
Reconstructed documentation lacks temporal evidence. Ongoing governance produces timestamped records showing that bias testing was conducted on specific dates, performance monitoring ran persistently, and remediation actions were taken when issues were detected. Reconstructed documentation shows that all these things existed as of the documentation date. Examiners see a single snapshot. They see no evidence that governance was occurring between examinations.
Retroactive preparation reveals gaps it cannot fill. A carrier that discovers four systems never underwent bias testing can document the absence and note plans for future testing. It cannot produce results from testing that never occurred. If an examiner asks "what were the fairness metrics for this underwriting model during 2025?" and the answer is "we did not measure them," no amount of documentation preparation changes that answer.
Pressure-assembled documentation is inconsistent. Different teams documenting different systems under time pressure produce documentation with inconsistent format, varying levels of detail, and incompatible terminology. Ongoing governance using standardized frameworks produces documentation that examiners can compare across systems. Reconstructed documentation reads like what it is: a collection of documents written by different people who were not following a common standard.
Ongoing Supervision as Examination Readiness
The alternative to examination-driven documentation sprints is a governance process that generates examination-ready evidence as a byproduct of normal operations.
Model registries that maintain themselves. A centralized model registry where every AI system is enrolled at deployment, with mandatory documentation fields and automated completeness checks, eliminates the inventory gap. When an examiner asks for a complete model inventory, the registry produces it. When a new AI component is deployed within a vendor platform, the registration requirement captures it.
Automated bias testing on defined cadences. Bias testing that runs automatically at defined intervals, weekly, monthly, or triggered by data distribution shifts, produces a record of fairness metrics over time. When an examiner asks "what were the disparate impact results for this model in Q3 2025?" the answer is a timestamped report generated during Q3 2025, not a retrospective analysis conducted during examination preparation.
Performance monitoring with segment-level granularity. A monitoring system that tracks accuracy, precision, recall, and calibration across defined segments produces the disaggregated performance data that examiners are learning to request. The data exists because the system generates it as part of normal operations, not because someone ran a query in response to an examination request.
Decision trace logging. Systems that log the key factors driving each AI-assisted decision create the audit trail that individual decision reconstruction requires. When an examiner asks the carrier to explain why a specific claim was routed to a specific queue, the log entry shows the input factors and their relative influence. This logging is computationally inexpensive relative to the examination exposure it eliminates.
The Examination Cycle Advantage
Insurance examinations follow predictable cycles. Most states examine domestic carriers every three to five years. Risk-focused examinations may occur more frequently for carriers with identified concerns.
A carrier with ongoing governance enters every examination cycle with current documentation, demonstrated practices, and temporal evidence of compliance. The examination becomes a validation exercise rather than a discovery process. Examiners reviewing evidence of steady governance direct their attention to the substance of findings rather than the adequacy of documentation.
A carrier without this capability enters each examination cycle facing the same documentation sprint. Each cycle, the number of AI systems has grown. Each cycle, the regulatory expectations have increased. Each cycle, the gap between what examiners expect and what the carrier can produce has widened.
The operational economics favor ongoing governance even before accounting for examination risk. The cost of maintaining a model registry, running automated bias testing, and logging decision traces is a fraction of the cost of retroactive documentation preparation. The cost comparison tilts further when factoring in the regulatory risk of producing documentation that examiners recognize as reconstructed.
What Carriers Should Build Now
The regulatory trajectory is clear. State insurance examiners are adding AI-specific inquiries to examination procedures. The NAIC's model bulletin provides the framework. State-level AI regulations add further requirements. The examination process is the enforcement mechanism.
Carriers that build governance processes now will experience regulatory examinations as routine validation of existing practices. Carriers that wait will experience each examination as an increasingly expensive documentation emergency, with growing risk that the documentation they produce reveals governance gaps rather than governance practices.
The next examination notice is already on the calendar. It will arrive whether the governance capability is in place or not.
