Claims processing

The trust layer for AI agents inside claim intake, validity assessment, payment authorisation, and customer denial workflows.

Claims processing moves at the speed of first notice of loss and bank settlement, not at the speed of senior-handler review. The claims-processing sub-vertical pack codifies the actions an agent may take inside the claims lifecycle, gates denials, high-value payment authorisations, and appeal outcomes behind senior-handler approval, and signs every decision into an audit chain an external auditor can verify offline. EIOPA Solvency II Article 41 sound-and-prudent-management evidence flows through the per-tenant Merkle chain; NAIC Model Bulletin recordkeeping reads the chain on demand.

Which frameworks the insurance pack maps to today.

| Framework | Jurisdiction | Coverage | Notes |
|---|---|---|---|
| EIOPA Solvency II Arts 41 to 49 (vortalis_proxy/compliance/eiopa.py; tests/conformance/regulators/eiopa/) | EU | Partial | System-of-governance obligations (Articles 41 to 49) mapped to platform primitives. Article 44 risk management is full where the operator threads the risk-register evidence. The operator's governance map (fit and proper assessments, outsourcing register) is operator-side. |
| EIOPA AI Governance Principles (EIOPA-BoS-21-307) (vortalis_proxy/compliance/eiopa.py; tests/conformance/regulators/eiopa/) | EU | Partial | Published EIOPA position; the Supervisory Statement on AI Governance is in consultation and is cited explicitly as anticipated. Human oversight (require_human on denials) and record keeping (audit chain) are full. |
| NAIC Model Bulletin on AI Systems (2023) (vortalis_proxy/compliance/naic.py; tests/conformance/regulators/naic/) | US (state) | Partial | AIS Program governance and recordkeeping mapped to platform primitives. State-level adoption varies; the operator's regulatory classification governs. |
| NAIC Insurance Data Security Model Law (#668) (vortalis_proxy/compliance/naic.py; tests/conformance/regulators/naic/) | US (state) | Full | Section 4 (Information Security Program) is full at the technical-safeguard half: RBAC, TLS, encryption at rest, audit trails. The administrative program documentation is operator-side. State-level adoption varies. |
| FCA SM&CR (cross-reference for UK-authorised insurers) (vortalis_proxy/compliance/fca_smcr.py; tests/conformance/regulators/fca_smcr/) | UK | Full | UK insurance carriers and intermediaries operate under FCA SM&CR; the existing FCA evidence pack from the financial-services sector covers the senior-manager attribution chain on the claims decision. FCA ICOBS conduct-of-business expectations sit alongside. |
| DORA (cross-reference for EU insurance undertakings) (vortalis_proxy/compliance/frameworks.py) | EU | Partial | EU insurance undertakings in scope of DORA reuse the DORA evidence in frameworks.py for the operational-resilience audit trail. |

Upstream services Vortalis adapts for this vertical.

No Vortalis-side adapters ship for this vertical today. The calling system holds the upstream credentials (claims administration system, banking-payment service, customer communication channel, loss-adjuster portal) and Vortalis governs the action at the agent boundary.

The policy template for this vertical.

Actions allowed

13

Each action gated by policy at the hot path.

Anticipated require_human actions

  • claim.denied
  • payment.authorised
  • customer.appeal_outcome

Rate-limit posture

Per 1-hour rolling window:

  • 2 000 claim.intaken
  • 2 000 claim.validity_checked
  • 1 000 payment.authorised
  • 500 claim.denied
  • 200 customer.appeal_outcome
  • 100 siu.referred

Defensible for a single-line-of-business engagement; multi-line insurers raise the limits after agreement with the head of claims.

Template path: policies/sectors/insurance/claims-processing-template.yaml
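
An added illustration of the posture above, not Vortalis code and not the contents of the template file: a gate that applies the six listed 1-hour limits and holds the three require_human actions until an approver is named. The PolicyGate class, its decision strings, the default-deny for actions without a listed limit, and counting only allowed actions against the window are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # the 1-hour rolling window stated on the page

# Per-action limits copied from the rate-limit posture on the page.
LIMITS = {
    "claim.intaken": 2000,
    "claim.validity_checked": 2000,
    "payment.authorised": 1000,
    "claim.denied": 500,
    "customer.appeal_outcome": 200,
    "siu.referred": 100,
}
# Actions the page lists as anticipated require_human.
REQUIRE_HUMAN = {"claim.denied", "payment.authorised", "customer.appeal_outcome"}


class PolicyGate:
    """Hypothetical agent-boundary gate (illustrative names, not a Vortalis API)."""

    def __init__(self, limits=LIMITS, window=WINDOW_SECONDS):
        self.limits = limits
        self.window = window
        self.allowed = defaultdict(deque)  # action -> timestamps of allowed calls

    def decide(self, action, now, approved_by=None):
        # Assumption: anything without a listed limit is denied outright.
        if action not in self.limits:
            return "deny:unknown_action"
        q = self.allowed[action]
        # Drop timestamps that have aged out of the rolling window.
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) >= self.limits[action]:
            return "deny:rate_limited"
        # Gated actions wait for a named approver; holds are not counted.
        if action in REQUIRE_HUMAN and not approved_by:
            return "hold:require_human"
        q.append(now)
        return "allow"
```
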

The implementation guide your engineers read first.

Available

docs/governance/integration-briefs/insurance-claims-processing.md

What this sector pack does not do.

Vortalis does not pay claims; AI agents do.

The policy template gates 13 actions including payment.authorised, claim.denied, and customer.appeal_outcome. It does not move money, draft the final customer notice, or substitute for the senior handler's judgement. Payment integrity, customer fair-treatment, and the insurer's regulatory obligations remain the operator's responsibility. Vortalis records what the agent did and when; it does not authorise the funds.

FCA ICOBS conduct rules on claims handling are operator-side; the platform records the agent action and the human approval.

The FCA Insurance Conduct of Business Sourcebook (ICOBS) sets conduct expectations on UK-authorised insurers handling claims. The Vortalis chain records the agent's actions and the human approval timestamp; the conduct conclusion (whether the claim was handled fairly, in line with ICOBS) is the operator's. The FCA SM&CR pack binds the senior manager responsible on the chain.

Payment-system counterparty certification is the operator's responsibility.

The Vortalis chain captures the payment authorisation; the actual money movement happens on the operator's banking or payment-instruction service. Certification with the operator's payment counterparty (the bank's API, the insurer's payment service) sits with the operator; Vortalis records the authorisation, the bank moves the funds.

NAIC Insurance Data Security incident-notice obligations under Sections 5 and 6 are operator-side.

NAIC Model Law #668 Section 5 (investigation) and Section 6 (notice within 72 hours) bind the operator. The Vortalis chain supplies the contemporaneous record an investigation reads; the runbook for investigation, the determination of whether the event meets the notice criteria, and the channel to the state insurance commissioner are operator-side. State-level adoption of Model Law #668 varies.

The general-purpose honest limits sit at /security/limitations; this list is specific to the insurance pack.

Bring Vortalis to your insurance agents.

Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.