Regulators Don’t Want an AI Policy. They Want Receipts.

Most insurance AI governance programs were built from the top down. They began with principles, acceptable-use rules, model inventories, steering committees, and vendor questionnaires. All of that work is useful. None of it, by itself, answers the question that matters when a specific claim is challenged: show me exactly how this decision happened.

Texas has given the industry a timely reminder that this is where governance leaves the presentation deck and enters the claim file.

Texas moved the question from policy to proof

The Texas Department of Insurance’s June 12 AI bulletin is not a new AI statute. In some ways, that makes it more consequential. TDI ties AI-supported actions to existing requirements covering unfair claims settlement practices, adjuster licensing, market conduct surveillance, corporate governance, and production of records.

The bulletin also makes three points that claims leaders should read together. Its expectations extend to third parties working with regulated entities. When AI is used to make a consequential decision, TDI expects a person to review and agree with that decision before action is taken. And TDI may ask about a specific use or application of AI during an investigation or examination.

TDI is careful not to prescribe one documentation format. That is sensible. A fraud model, a severity score, and a coverage-letter drafting tool should not have identical controls. But the absence of a mandated form does not reduce the need for evidence. It increases the carrier’s responsibility to decide what evidence will be sufficient.

Texas is not moving alone. The NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers says the relevant standards apply regardless of the tools or methods used. It contemplates inquiries into specific models, applications, outcomes, data lineage, traceability, reproducibility, and third-party systems. A March 2026 NAIC issue brief makes the principle even plainer: AI does not alter an insurer’s legal obligations, whether the work is performed by a human, an algorithm, or a vendor.

The direction of travel is clear. Regulators are moving from asking whether an AI governance program exists to asking whether an AI-supported outcome can be reconstructed.

The unit of governance is the decision, not the model

Insurance has borrowed much of its AI governance language from model risk management. That gives us useful disciplines: validation, drift monitoring, bias testing, access controls, and version management. But a well-governed model can still participate in a poorly governed claim.

Consider the ways a single file can go wrong. The system receives the wrong policy version. An endorsement is missing. A field note arrives after the analysis. A template is current in one jurisdiction but stale in another. The adjuster correctly changes an AI-generated draft, but the reason for the change is not retained. The final communication is copied into another system, breaking the connection to its source material.

The Claims Correspondence Compendium makes that fragmentation visible in one place. The same letter type can carry different deadlines, disclosure requirements, and drafting expectations from one jurisdiction to the next.

None of those failures is fully explained by a model card or an enterprise policy. They occur in the chain between evidence, software, human judgment, authority, and communication.

That is why carriers need a claim-level receipt.

What a claim-level receipt should contain

I am not suggesting that TDI or the NAIC has mandated a six-field record. They have not. I am suggesting a practical test for whether a carrier can support the outcome of an AI-assisted workflow.

A useful receipt should preserve six things:

  1. The inputs. Which policy form, endorsements, claim facts, photographs, estimates, reports, and other evidence were available when the work occurred?
  2. The human contribution. What did the reviewer accept, reject, add, remove, or send back for further investigation?
  3. The authority. Who approved the resulting action, what role did that person hold, and when did approval occur?
  4. The communication. What was ultimately sent to the claimant or insured, through which channel, and at what time?

The exact implementation will vary by use case. The principle should not. A carrier should be able to travel from the final action back through human review, system output, and source evidence without reconstructing the story from screenshots and employee memory.

Third-party AI does not transfer accountability

The vendor question is where many governance programs become fragile. A carrier may have strong internal controls and still depend on a third party that cannot reproduce an earlier model version, explain a configuration change, or provide the records needed for an examination.

Both Texas and the NAIC put third-party systems inside the governance perimeter. That should change procurement. Accuracy in a demonstration environment is not enough. Carrier buyers should ask whether the vendor can preserve version history, document material changes, support data lineage, provide audit access, retain the original output, and meet the carrier’s record-retention obligations.

The contract should define an evidence package, not merely uptime and performance. If a vendor cannot reproduce what its system did on a particular claim last Tuesday, the carrier has purchased a blind spot.

“Human in the loop” must describe observable work

Human oversight has become the safest phrase in insurance AI. It can also be nearly meaningless. A required approval click proves that a person interacted with a screen. It does not show what the person reviewed, whether relevant information was available, or how human judgment changed the result.

TDI’s formulation is more useful. For consequential decisions, a person should review and agree before action is taken. The operational challenge is making that review visible without turning every claim into a compliance exercise.

A risk-based design can do this. Low-consequence administrative work may need lightweight confirmation. A coverage position, payment decision, or fraud escalation deserves a clearer record of the reviewer’s contribution and authority. Exceptions and overrides should be treated as valuable information, not workflow noise. They show where the system’s limits are and where experienced judgment matters most.

This boundary shapes our approach to ai claims correspondence software at Voltaire. AI assists with the work of drafting claims correspondence. It does not own adjudication, choose the operative rule, or replace the adjuster’s coverage judgment. The adjuster remains responsible for the decision and the final letter. Drafting speed matters because it gives that person more time to apply judgment at volume, not because speed converts software into an adjuster.

The claim letter is the receipt the policyholder can see

Most governance evidence is internal. The claimant will never see a model inventory, testing protocol, or vendor assessment. The claim letter is different. It is where the carrier externalizes what it decided, which facts mattered, and which policy language supports the position.

The Texas claims correspondence reference illustrates the practical layer beneath the governance discussion. Claims-handling duties, timing rules, and letter resources all converge in the communication the policyholder ultimately receives.

The letter does not need to expose model internals. It does need to remain connected to the evidence and human authority behind it. A polished explanation assembled from the wrong policy version is still wrong. A correct conclusion with a generic or contradictory explanation still creates avoidable doubt.

This is why correspondence should not be treated as the last clerical step after the real work is finished. It is the final test of whether the decision can be explained. If the carrier cannot connect the wording in the letter to the source material, the reviewer, and the underlying authority, its governance process is incomplete.

Run the 25-file test

Claims leaders do not need to wait for an examination to learn whether they can produce receipts. Pick one live AI-assisted workflow and sample 25 files. For each one, try to reproduce the inputs, the human changes, the approval, and the final communication.

Then put a clock on the exercise.

If the answer requires three departments, a vendor support ticket, and several days of forensic work, the organization does not have operational traceability. It has scattered evidence. The gaps will usually point to concrete fixes: better version retention, clearer authority mapping, stronger vendor terms, preserved drafts, or more deliberate capture of overrides.

The carriers best prepared for the next phase of AI oversight will not necessarily have the longest policy or the largest model inventory. They will be able to answer a regulator, a court, a customer, or their own QA team with the same calm narrative: here is the evidence, here is what the system produced, here is what the human did, here is who decided, and here is what we communicated.

That is the receipt. If you cannot produce it, you do not yet govern the AI. You merely own it. We make this easy at Voltaire, and if you’re curious, let us show you our QA review suite and embedded AI reasoning for every piece of correspondence generated.

More from this Author