Why the model itself is a risk an insurer's board must govern
When an insurer uses an AI or machine-learning model to decide whether to accept a risk, how to rate it, what terms to offer or what price to charge, the model becomes a decision-maker, and a decision-maker that can be wrong in ways the insurer does not see. Model risk is the risk of loss, mispricing, regulatory breach or harm arising from a model that is flawed, misapplied, trained on the wrong data, or relied on beyond what it can support. For an insurer, model risk is not an IT issue; it is a risk that bears directly on underwriting profitability, on fairness to policyholders and on regulatory standing, which is why it has to be governed at the board and the risk-committee level, not left to the data-science team.
The exposure is concrete. A pricing model trained on biased or unrepresentative data can systematically misprice a segment, leaving the insurer adversely selected against on the risks it underprices and uncompetitive on the risks it overprices, with the effect compounding silently across a whole book before it shows up in the combined ratio. A model that has drifted, because the world it was trained on has changed, can keep producing confident outputs that are quietly wrong. A model that discriminates against a class of policyholders, even unintentionally through a proxy variable, can breach the requirement that insurance pricing be fair and non-discriminatory and expose the insurer to regulatory and reputational consequences. And a model whose decisions cannot be explained leaves the insurer unable to justify a declinature or a price to a policyholder, a regulator or a court.
IRDAI's direction of travel reinforces this. The regulator has signalled, through its supervisory expectations and its engagement on the use of technology in insurance, that insurers using AI in customer-facing and pricing decisions are expected to ensure the decisions are fair, non-discriminatory and explainable, that there is human accountability for the outcomes, and that the use of data complies with the data-protection law. The IRDAI (Protection of Policyholders' Interests) Regulations and the broader conduct framework require fair treatment of policyholders, and an AI model that prices or underwrites unfairly cannot be reconciled with that duty. The Digital Personal Data Protection Act 2023 (DPDP Act) governs the personal data the models are trained and run on. A board-level model risk framework is how an insurer reconciles the value of AI in underwriting and pricing with these obligations, and this post sets out how to structure it: validation, bias and fairness, documentation and audit, human oversight, and data governance.
Model validation: proving the model does what it claims
The foundation of model risk governance is independent validation: a structured assessment, by people other than those who built the model, that the model is conceptually sound, that it performs as claimed, that it is fit for the use it is put to, and that its limitations are understood. Validation is what separates a model an insurer can responsibly rely on from one it is merely hoping is right.
What validation examines
A validation covers the model end to end:
- Conceptual soundness. Is the modelling approach appropriate for the problem, are the variables and the design defensible, and does the model rest on assumptions that hold for the intended use? A model can be statistically accurate on its training data and still be conceptually wrong for the decision it is used for.
- Data quality and representativeness. Is the training and testing data accurate, complete, relevant and representative of the population the model will be applied to? A model trained on data that under-represents a segment will perform poorly on that segment, and validation has to test this rather than assume it.
- Performance and stability. Does the model perform on out-of-sample and out-of-time data, not just on the data it was trained on, and is its performance stable across segments and over time? Validation should test the model on data it has not seen and on the segments where it will be used.
- Limitations and boundaries. Where does the model break down, what inputs is it not reliable for, and what is the boundary of the population and the conditions within which it can be trusted? A validation that does not state the model's limits has not finished the job.
Ongoing validation and drift
Validation is not a one-time gate at deployment; it is a continuing discipline, because models degrade. Model drift occurs when the relationship the model learned no longer holds, because the underlying population, the risk environment or the behaviour has changed, and a model that was well-calibrated at launch can become miscalibrated without anyone touching it. The framework has to monitor the live performance of the model against actual outcomes, detect drift and degradation, and trigger revalidation or retraining when the model moves outside its validated performance. For a pricing model, the monitoring should compare the model's predicted loss costs against emerging actual experience, so a model that is systematically under- or over-predicting is caught before it damages the book.
Proportionality and the model inventory
Not every model needs the same depth of validation; the intensity should be proportionate to the model's materiality and the consequences of it being wrong. A model that sets prices across a major line warrants deep, independent validation and close monitoring; a minor internal tool warrants less. To apply proportionality the insurer needs a model inventory: a register of the models in use, their purpose, their materiality, their owners, their validation status and their monitoring, so the board can see what models the business depends on and govern them according to their importance. An insurer that cannot list its models cannot govern its model risk.
Bias, fairness and the non-discrimination expectation
The exposure that most distinguishes AI in insurance pricing from other model uses is bias and unfair discrimination. An insurance price is supposed to reflect risk, and differentiating on genuine risk factors is the basis of underwriting, but a model that differentiates on characteristics it should not, or that uses proxies for protected characteristics, can produce pricing that is unfair and that breaches the expectation of non-discrimination.
How bias enters a model
Bias enters through the data and the design, usually without anyone intending it. If the training data reflects historical patterns that were themselves discriminatory, the model learns and reproduces them. If a variable in the model is a proxy for a characteristic the insurer should not price on (a geographic or behavioural variable that correlates strongly with a protected characteristic), the model can discriminate on that characteristic indirectly even though the characteristic is not an input. Complex machine-learning models are especially prone to this, because they find and exploit correlations the modeller did not intend and may not even be aware of, which is what makes bias in AI pricing harder to detect than in a transparent rating table.
What fairness requires
Fairness in pricing means the differentiation rests on genuine, justifiable risk factors and does not unfairly disadvantage a class of policyholders. The framework has to test the model for bias and unfair discrimination, examine whether its outputs differ across segments in ways that cannot be justified by genuine risk, scrutinise the variables and their proxies, and document the justification for the risk factors used. This is both a fairness obligation to policyholders and a regulatory expectation, because IRDAI's conduct framework requires fair treatment, and a pricing model that systematically disadvantages a class of policyholders without a genuine risk justification is inconsistent with that duty. The testing should be built into validation and repeated in monitoring, because a model can develop biased behaviour over time as the data shifts.
Explainability as the partner of fairness
Explainability is what makes a fairness claim checkable: a price the insurer cannot account for is a price it cannot defend as fair. The insurer must be able to explain, to a policyholder, a regulator or a court, the basis on which a model declined, loaded or priced a risk, in terms a person can understand and challenge. This constrains how opaque a model can be in a pricing or underwriting decision: a black-box model that produces a price no one can account for is not defensible for a decision that affects a policyholder and is subject to a fairness duty. The framework should require that material pricing and underwriting models be explainable, that the reasons for an individual decision can be produced, and that the explanation is honest about the factors that drove the outcome.
Third-party and vendor models, and generative AI in the pipeline
Much of the AI an insurer uses in underwriting and pricing is not built in-house, and the model risk framework has to extend to the models the insurer buys, licenses or accesses from vendors, because the risk is the insurer's regardless of who built the model.
The vendor-model problem
Insurers increasingly buy pricing tools, risk scores, enrichment data and underwriting models from insurtech vendors and data providers, and these third-party models carry the same model risk as in-house ones, with an added difficulty: the insurer often cannot see inside them. A vendor that supplies a risk score may treat its model as proprietary and decline to expose its workings, which leaves the insurer relying on a model it cannot fully validate. The framework has to address this. The insurer remains accountable for the decisions it makes using a vendor model, so it cannot outsource the accountability with the model. It has to obtain enough information to validate the vendor model to a proportionate standard (the data it was trained on, its performance, its limitations, its fairness testing), satisfy itself that the model is fit for the insurer's use and population, monitor the model's live performance on the insurer's book, and include the vendor models in the model inventory and the governance. Where a vendor will not provide enough to validate the model, that is itself a risk the board should weigh, because deploying a black-box bought model in a pricing decision that must be fair and explainable is hard to defend. The contracts with vendors should require the information, the testing and the cooperation the insurer needs to govern the model.
Generative AI and large language models
A newer dimension is the use of generative AI and large language models in the underwriting and pricing pipeline, for tasks such as summarising submissions, extracting information from documents, drafting and assisting the underwriter. These models carry their own risks that the framework has to cover: they can produce plausible but wrong outputs (hallucination), they can be inconsistent, and their reasoning is opaque, so a generative model that extracts or summarises information that feeds an underwriting decision can introduce errors that flow into the decision. The framework should treat generative models in the decision pipeline as models subject to governance, validate their reliability for the task, keep a human checking the outputs that feed consequential decisions, and be clear about what the generative model is and is not relied on to do. Using a generative model to draft or to summarise, with a human verifying, is a different risk from using it to make or directly determine a decision, and the framework should not let the convenience of generative tools quietly insert an unvalidated, opaque step into a pricing or underwriting process.
Keeping the inventory complete
The common thread is that the model inventory and the governance have to be complete, covering in-house models, vendor models, and generative models in the pipeline, because a model risk framework that governs only the models the insurer built itself leaves the bought and the generative models unmanaged, and those are exactly where the insurer has the least visibility and the most reliance on someone else's work. The board's view of its model risk is only as good as the completeness of the inventory, and an insurer that has migrated decisions onto vendor scores and generative assistants without bringing them into the framework has a model risk exposure it cannot see.
Documentation, audit trails and human oversight
A model risk framework is only as strong as the record it keeps and the human accountability it preserves. Two requirements run through every part of it: thorough documentation and audit trails, and meaningful human oversight of consequential decisions.
Documentation and the audit trail
Every material model should be documented to a standard that lets an independent reviewer, an auditor or a regulator understand it without talking to the people who built it. The documentation should cover the model's purpose and intended use, its design and methodology, the data it was trained and tested on, the validation performed and its findings, the model's limitations and the conditions for its use, the monitoring in place, and the approvals through which it was put into production. This documentation is what makes the model governable and what an insurer relies on when a regulator asks how a pricing decision was made.
Alongside the model documentation, the insurer needs a decision-level audit trail: a record, for the decisions the model influences, of what the model was, which version, what inputs it received, what output it produced, and how that output was used in the decision. For a pricing or underwriting decision that affects a policyholder, the insurer should be able to reconstruct, after the fact, how the decision was reached, which means logging the model's involvement in a tamper-evident way. This audit trail is what allows the insurer to answer a complaint, defend a decision, and demonstrate to IRDAI that its AI-assisted underwriting is accountable. A model whose decisions cannot be reconstructed cannot be defended.
Human oversight and accountability
The framework must keep human accountability for the decisions the model informs. This does not mean a human re-does every decision, which would defeat the purpose of the model, but it means the consequential decisions remain subject to human oversight, that there are defined points at which a human reviews, can override and is accountable for the outcome, and that the model does not make high-impact decisions autonomously without that oversight. The degree of oversight should be proportionate to the materiality of the decision: a high-value commercial underwriting decision or a declinature warrants closer human involvement than a routine retail quote within established parameters. The principle is that the accountability for an underwriting or pricing decision stays with the insurer and its people, and the model is a tool that informs the decision rather than an unaccountable decision-maker. IRDAI's expectation that there be human accountability for AI-assisted decisions makes this concrete: the insurer cannot point to the model as the reason an unfair or wrong decision was made.
The three-lines structure
Model risk governance fits the standard three-lines-of-defence structure that insurers already run for risk. The first line, the business and the data-science function that builds and uses the models, owns the models and their performance. The second line, the risk and compliance functions, sets the model risk policy, runs or oversees the independent validation, and monitors model risk across the inventory. The third line, internal audit, provides independent assurance that the framework is working. Placing model risk in this structure makes it part of the insurer's existing risk governance rather than a separate, unaccountable process, and it gives the board the lines of sight it needs to govern the risk.
Data governance under the DPDP Act and the personal-data dimension
AI underwriting and pricing models run on data, much of it the personal data of policyholders and prospects, and the Digital Personal Data Protection Act 2023 (DPDP Act) governs how that personal data may be collected, used and processed. Data governance is therefore an inseparable part of model risk governance, because a model built or run on personal data handled unlawfully is a compliance exposure regardless of how good the model is.
What the DPDP Act requires of model data
The DPDP Act requires that personal data be processed for a lawful purpose with the data principal's consent or another lawful basis, that it be limited to what is necessary for the purpose, that the data principal be given notice, and that the data fiduciary (the insurer) protect the data and honour the data principal's rights. For AI models, several points bite. The data used to train and run a model must have a lawful basis and be within the purpose for which it was collected, so an insurer cannot freely repurpose policyholder data collected for one purpose to train a model for another without addressing the purpose-limitation and consent requirements. The principle of data minimisation means the model should use the personal data it genuinely needs, not everything available. The data principal's rights, including access and correction, apply to the data the model uses, and the insurer must be able to honour them. And the security obligation means the personal data in the model pipeline, which can be sensitive, must be protected against breach.
Data quality as a governance issue, not just a modelling issue
Data governance under the framework is not only about lawfulness; it is about the quality, lineage and control of the data the models depend on. A model is only as good as its data, and poor, biased or untraceable data produces poor, biased or indefensible models. The framework should require that the data feeding material models has known provenance, documented quality, and controls over how it is sourced, transformed and used, so that the model rests on data the insurer can stand behind. The data lineage also supports the bias testing and the explainability, because understanding what data drove a model is part of understanding why it priced a risk as it did. Data governance and model governance are two sides of the same discipline.
Bringing the framework together at board level
A board-level model risk framework for AI underwriting and pricing pulls these threads into a single governance structure: a model risk policy approved by the board, a model inventory that lets the board see what models the business depends on and their materiality, independent validation proportionate to materiality with ongoing monitoring for drift, bias and fairness testing with explainability for material decisions, full model documentation and decision-level audit trails, human accountability and oversight of consequential decisions within the three-lines structure, and data governance that satisfies the DPDP Act and assures data quality and lineage. The board's role is to own the policy, see the model inventory and the model risk reporting, and hold the framework accountable, so that the use of AI in underwriting and pricing is a governed activity rather than an unmonitored dependency.
Getting an underwriting or pricing model right also depends on understanding the products it prices, including how the wordings, the coverage triggers and the exclusions shape the risk the model is trying to assess. Sarvada gives commercial insurance teams structured, searchable access to insurer policy wordings, so the people building and validating pricing and underwriting models can ground them in the actual coverage detail of the products being priced. Request Access to connect your model governance to the real wording detail of the risks your models underwrite.