Insurance Industry Adoption of AI and the Regulatory Sprawl It Triggered
Insurers have been using algorithmic models for decades. Actuarial science is, at its core, applied statistics. But the shift from traditional GLMs to machine learning and generative AI has created a regulatory response that is genuinely hard to track, partly because insurance regulation in the U.S. was already one of the most fragmented regimes in existence. Layer AI governance on top of 50-state insurance regulation and you get something that looks less like a coherent framework and more like a compliance obstacle course.
The NAIC as the Center of Gravity
The National Association of Insurance Commissioners has been the most active body here, which makes sense given its role as the coordinating mechanism for state regulators. In August 2020, the NAIC adopted its Principles on Artificial Intelligence, a set of five high-level commitments covering fairness, accountability, compliance, transparency, and safe and secure use. These were deliberately principle-based rather than prescriptive, which gave them broad buy-in but limited teeth.
The more consequential move came with the NAIC's Model Bulletin on the Use of Artificial Intelligence Systems by Insurers, adopted in December 2023. This bulletin asks insurers to establish AI governance frameworks, conduct impact assessments, and maintain human oversight of AI-driven decisions. It specifically targets decisions affecting consumers, including underwriting, pricing, claims management, and marketing. The bulletin also places accountability squarely on the insurer, even when a third-party vendor supplies the model. That vendor management piece is significant because a huge portion of the industry relies on external AI tools from InsurTech providers.
The model bulletin is not binding on its own. It becomes operative only when individual state insurance departments adopt it or issue their own guidance based on it. And that adoption process is where the fragmentation really kicks in.
State-Level Action: A Patchwork by Design
Colorado moved first and moved aggressively. SB 21-169, signed in 2021, amended the state's insurance code to prohibit insurers from using external consumer data and algorithms in ways that unfairly discriminate based on race, color, national origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. The Colorado Division of Insurance followed up with proposed regulations in 2023 requiring insurers to conduct quantitative bias testing on AI models used in life insurance and, eventually, other lines. The testing requirements are detailed; they mandate specific statistical methodologies and documentation standards. Compliance deadlines have shifted, with the life insurance provisions set to take effect on November 1, 2025, but the direction is clear.
Connecticut issued Bulletin No. IC-41 in 2024, closely tracking the NAIC model bulletin. It requires insurers to develop and maintain AI governance programs, designate responsible persons, and conduct regular reviews of AI systems. Connecticut's approach emphasizes the documentation trail, which is a practical concern for any insurer operating in the state.
Other states are at various stages. New York's DFS has been active on algorithmic bias in insurance pricing, particularly in auto insurance, issuing Circular Letter No. 1 (2019) on the use of external data sources. California, Illinois, and Virginia have all signaled interest in AI-specific insurance regulation. Meanwhile, states like Texas and Florida have taken a more cautious approach, watching how early movers fare before committing to detailed rules.
The result is that a national insurer writing policies in 40 or more states faces a genuinely complex compliance matrix. Requirements differ on what must be tested, how it must be documented, who must be notified, and what remediation looks like when a model produces disparate outcomes.
Federal Interest: Real but Constrained
Insurance regulation remains primarily a state function under the McCarran-Ferguson Act of 1945, but federal agencies have not stayed silent on AI in insurance. The FTC has authority over unfair or deceptive practices and has signaled that algorithmic discrimination could fall within its enforcement scope. The CFPB has been active on AI-driven adverse action notices in adjacent financial services contexts, and some of that reasoning maps onto insurance scenarios, particularly for products like credit-related insurance.
The White House Executive Order on AI (EO 14110), issued in October 2023, directed multiple agencies to address AI risks, including in financial services. The Treasury Department's Federal Insurance Office released a report in March 2024 examining AI use in insurance and recommending that state regulators adopt consistent standards. The FIO report specifically flagged concerns about opaque pricing models, proxy discrimination, and the difficulty consumers face in understanding or challenging AI-driven decisions.
There is also the EU AI Act to consider for any insurer with European exposure. The Act, which entered into force in August 2024 with staggered compliance deadlines through 2027, classifies AI systems used in insurance pricing and underwriting as high-risk, triggering requirements for conformity assessments, technical documentation, human oversight, and transparency. For global insurers, this adds another layer to an already complex picture.
The Practical Compliance Challenge
What makes this particularly difficult is the interaction between model risk management and regulatory compliance. Insurers have long maintained model validation programs, often aligned with the OCC's SR 11-7 guidance (borrowed from banking). But AI governance for regulatory purposes goes beyond traditional model validation. Regulators want to see:
- Bias testing across protected classes, often with specific statistical thresholds
- Explainability sufficient for regulators and, in some cases, consumers to understand how decisions are made
- Ongoing monitoring of model drift and outcome disparities, not just point-in-time validation
- Vendor oversight that extends governance requirements to third-party AI tools
- Documentation that creates an auditable record of governance decisions, testing results, and remediation actions
Each of these requirements may vary by state, by line of business, and by the specific AI application. An underwriting model in Colorado faces different testing requirements than the same model deployed in Connecticut, even if the underlying algorithm is identical. And the timelines keep shifting. Colorado has already pushed back its initial compliance dates, and other states are still in rulemaking.
The vendor management piece deserves extra emphasis. Many insurers use AI tools from third parties for claims triage, fraud detection, or pricing optimization. Under both the NAIC model bulletin and most state-level guidance, the insurer remains responsible for the outputs of those tools. You cannot outsource the model and outsource the compliance obligation along with it. This means insurers need contractual provisions, audit rights, and independent testing capabilities for vendor-supplied AI, which is a significant operational lift.
Where This Is Headed
More states will adopt versions of the NAIC model bulletin over the next 12 to 18 months. Colorado's quantitative testing requirements will likely influence other states, though the specific methodologies may differ. Federal interest will persist, particularly if state approaches diverge enough to create market disruption or consumer protection gaps. And the EU AI Act's high-risk classification for insurance AI will force global carriers to build compliance infrastructure that may end up being applied domestically as well, simply because maintaining parallel governance programs is inefficient.
The central tension is between the legitimate use of sophisticated models to price risk accurately and the regulatory imperative to prevent those models from encoding or amplifying discrimination. Resolving that tension requires governance infrastructure that is both technically rigorous and adaptable to a shifting regulatory landscape.
How FirmAdapt Addresses This
FirmAdapt's platform is built for exactly this kind of multi-jurisdictional regulatory complexity. It maps AI governance requirements across state insurance regulations, federal guidance, and international frameworks, then operationalizes those requirements into workflows that cover model documentation, bias testing protocols, vendor oversight, and ongoing monitoring. The compliance-first architecture means governance controls are embedded at the system level rather than bolted on after deployment.
For insurers managing AI models across dozens of states with divergent requirements, FirmAdapt provides a single platform to track regulatory changes, maintain auditable documentation, and demonstrate compliance to examiners. The vendor management capabilities extend governance requirements to third-party AI tools, addressing one of the most persistent gaps in current insurer compliance programs.