insurance-risk-compliance

Drafts a second-line pricing-governance review of a US life or health rating change (new rate filing, refile, accelerated-underwriting model, rating-plan refresh, ML-driven rating factor, post-issue underwriting model) for a state DOI rate analyst's audience. The artifact carries a rate-filing summary, a rating-factor map, an unfair-discrimination analysis under NAIC Model #880, disparate-impact red flags under state DOI bulletins, AIS Program coverage against the NAIC AI Bulletin (December 2023), and documentation completeness against SR 11-7-equivalent expectations. The deliverable shape is a Word memo plus an Excel rating-factor map; SERFF-track and AU-track engagements use the same spine. Best for: - A life or health insurer is preparing or refreshing a rate filing and second-line wants the pricing-governance file before SERFF submission. - An accelerated-underwriting model or ML-driven rating factor has gone through development and second-line needs the unfair-discrimination and disparate-impact review before deployment. - A state DOI inquiry on rating factors, AI use, or unfair discrimination has arrived and the carrier is preparing the response file. - An internal audit or ORSA review is sampling pricing governance for life or health. Not the right tool when: - The product is P&C (different rate-regulation model and different unfair-discrimination posture; out of scope). - The exposure is fair-lending under ECOA / Reg B for a credit-insurance product underwritten via a bank channel (use `consumer-compliance-fair-lending/fair-lending-test-plan` with the insurance overlay). - The use case is claims AI rather than pricing or underwriting (use `ai-governance-model-risk/agentic-ai-controls` with the insurance overlay). - The work is reserving, IBNR, or solvency capital rather than pricing.

Drafts a second-line oversight pack for an insurance outsourcing or delegated-authority arrangement (MGA, MGU, TPA, claims administrator, underwriting bureau, IT or actuarial outsourcer) read against the NAIC outsourcing and holding-company family and the NAIC Insurance Data Security Model Law. The pack carries the holding-company status, producer-licensing posture, contractual-control review, third-party-service-provider clauses, claims-handling oversight, premium-handling posture, vendor-AI exposure, ORSA fit, named gaps with citations, and a recommended supervisor disposition. The audience is state-DOI exam-grade. Best for: - A US insurer or reinsurer is onboarding, renewing, or remediating an MGA, MGU, TPA, or claims-administrator arrangement and second-line needs the pre-decision review. - A market-conduct exam, ORSA cycle, or internal audit has flagged outsourced-function oversight and the team is preparing the response file. - A reinsurer is reviewing a cedent's delegated-underwriting authority arrangement before treaty placement or renewal. Not the right tool when: - The counterparty is a generic IT or SaaS vendor with no delegated underwriting, claims, premium-handling, or policyholder-data role (use `third-party-operational-resilience/vendor-diligence` with the insurance overlay instead). - The work is a cyber-incident response at an outsourced provider (use `risk-reporting/cyber-disclosure-readiness` with the insurance overlay). - The exposure is captive-reinsurance or affiliate-reinsurance solvency (different model law family; out of scope).