Underwriting

The trust layer for AI agents inside applicant intake, risk assessment, premium calculation, and policy binding workflows.

Underwriting moves at the speed of binding decisions and rate-table lookups, not at the speed of senior-underwriter review. The underwriting sub-vertical pack codifies the actions an agent may take inside a binding pipeline, gates declinations, referrals, and high-sum-insured bindings behind senior-underwriter approval, and signs every decision into an audit chain an external auditor can verify offline. EIOPA Solvency II Article 41 sound-and-prudent-management evidence flows through the per-tenant Merkle chain; the NAIC Model Bulletin AIS Program governance reads the chain on demand.

Which frameworks the insurance pack maps to today.

Framework: EIOPA Solvency II Arts 41 to 49 and Arts 112 to 127
  vortalis_proxy/compliance/eiopa.py
  tests/conformance/regulators/eiopa/
Jurisdiction: EU
Coverage: Partial
Notes: System-of-governance obligations (Articles 41 to 49) mapped to platform primitives. Internal-model use (Articles 112 to 127) is partial because internal-model approval is a supervisor decision (PRA / home-state); the platform supplies the audit-chain and validation evidence the operator's application cites.

Framework: EIOPA AI Governance Principles (EIOPA-BoS-21-307)
  vortalis_proxy/compliance/eiopa.py
  tests/conformance/regulators/eiopa/
Jurisdiction: EU
Coverage: Partial
Notes: Published EIOPA position; the Supervisory Statement on AI Governance is in consultation at the builder's authorship date and is cited explicitly as anticipated. Human oversight (require_human) and record keeping (audit chain) are full; transparency and explainability are partial because model-level explainability is operator-side.

Framework: NAIC Model Bulletin on AI Systems (2023)
  vortalis_proxy/compliance/naic.py
  tests/conformance/regulators/naic/
Jurisdiction: US (state)
Coverage: Partial
Notes: AIS Program governance (Section 3.1), risk and internal controls (Section 3.2), third-party AI (Section 3.3), and recordkeeping (Section 4) mapped to platform primitives. State-level adoption varies; the operator's regulatory classification governs which state's adoption applies.

Framework: FCA SM&CR (cross-reference for UK insurance intermediaries)
  vortalis_proxy/compliance/fca_smcr.py
  tests/conformance/regulators/fca_smcr/
Jurisdiction: UK
Coverage: Full
Notes: UK insurance intermediaries operate under FCA SM&CR; the existing FCA evidence pack from the financial-services sector covers the senior-manager attribution chain on the underwriting decision. No insurance-specific duplication.

Framework: DORA (cross-reference for EU insurance undertakings)
  vortalis_proxy/compliance/frameworks.py
Jurisdiction: EU
Coverage: Partial
Notes: EU insurance undertakings in scope of DORA reuse the DORA evidence in frameworks.py. The Vortalis chain plus the offline-verifiable attestation supply the operational-resilience audit trail; the operator's wider ICT-risk-management framework lives outside the platform.

Upstream services Vortalis adapts for this vertical.

No Vortalis-side adapters ship for this vertical today. The calling system holds the upstream credentials (policy administration system, rate-table service, bureau data, reinsurance system) and Vortalis governs the action at the agent boundary rather than at the upstream-API boundary.

The policy template for this vertical.

Actions allowed

10

Each action gated by policy at the hot path.

Anticipated require_human actions

  • policy.declined
  • underwriter.referred
  • policy.issued

Rate-limit posture

Limits apply per action over a 1-hour rolling window:

  • risk.assessed: 1 000
  • premium.calculated: 1 000
  • policy.issued: 500
  • policy.declined: 200
  • underwriter.referred: 300

Defensible for a single-line-of-business engagement; multi-line insurers raise the limits after agreement with the chief underwriting officer.
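An added example, not Vortalis code and not the contents of the template: a minimal Python gate that applies the require_human list and the five per-action rolling-window limits stated above. The class name, the decision strings, default-deny for unlisted actions, and the order of the checks are assumptions; the pack's remaining allowed actions are not named on this page and are not modelled.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # 1-hour rolling window, from the rate-limit posture

# Per-action limits as stated in the rate-limit posture.
RATE_LIMITS = {
    "risk.assessed": 1000,
    "premium.calculated": 1000,
    "policy.issued": 500,
    "policy.declined": 200,
    "underwriter.referred": 300,
}

# Actions listed as anticipated require_human.
REQUIRE_HUMAN = {"policy.declined", "underwriter.referred", "policy.issued"}


class ActionGate:
    """Hypothetical per-tenant gate: allow, require_human, or deny."""

    def __init__(self, limits=RATE_LIMITS, window=WINDOW_SECONDS):
        self.limits = limits
        self.window = window
        self.seen = defaultdict(deque)  # action -> timestamps still in window

    def decide(self, action, now, approved_by=None):
        # Assumption: anything the policy does not list is denied.
        if action not in self.limits:
            return "deny:not_in_policy"
        stamps = self.seen[action]
        # Rolling window: discard events that are a full window old.
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()
        # Assumption: the rate check runs first, so an approval cannot
        # push a tenant past its hourly ceiling.
        if len(stamps) >= self.limits[action]:
            return "deny:rate_limited"
        # Assumption: a held action consumes no quota until it is approved.
        if action in REQUIRE_HUMAN and not approved_by:
            return "require_human"
        stamps.append(now)
        return "allow"
```

`now` is passed in as seconds so the window behaviour can be replayed deterministically; a caller would supply a monotonic clock reading and the approving senior underwriter's id.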

Template path: policies/sectors/insurance/underwriting-template.yaml

The implementation guide your engineers read first.

Available

docs/governance/integration-briefs/insurance-underwriting.md

What this sector pack does not do.

Vortalis does not bind policies; AI agents do.

The policy template gates 10 actions including risk.assessed, premium.calculated, and policy.issued. It does not assess the applicant, set the rate, or substitute for the senior underwriter's judgement. Binding integrity, customer suitability, and the insurer's regulatory obligations remain the operator's responsibility. Vortalis records what the agent did and when; it does not approve the risk.

Solvency II internal-model approval under Article 112 is a supervisor decision.

Internal-model approval to calculate the Solvency Capital Requirement is decided by the PRA in the UK and the relevant home-state supervisor in the EU based on the insurer's application. The Vortalis platform supplies the runtime audit and governance evidence the application cites for the use test, statistical quality, validation, and documentation; the approval itself sits with the supervisor.

NAIC Model Bulletin state-level adoption varies; the operator's regulatory classification governs.

The NAIC Model Bulletin on AI Systems (2023) is a model instrument; individual US states adopt it with their own variations. The operator is responsible for confirming which states' adoption applies in each state of operation. Vortalis cites the model-bulletin text; the state-level mapping is operator-side.

The senior-underwriter attribution chain depends on operator tenant configuration.

The Vortalis audit chain captures the principal-chain on every governed action. When the operator threads the senior-underwriter-to-agent map into Tenant.config, every binding decision surfaces with the named senior underwriter in the chain; the FCA SM&CR-aligned reconstruction reads the chain by senior-manager id. The map itself is the operator's responsibility.

The general-purpose honest limits sit at /security/limitations; this list is specific to the insurance pack.

Bring Vortalis to your insurance agents.

Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.