In 7 to 10 days I map your AI controls against the NAIC AI Systems Evaluation Tool that 12 states now use in market conduct examinations, and deliver a Red, Yellow, Green scorecard plus a sequenced plan that turns each gap into a concrete next step.
Tiago Ferreira, Founder. Two Master's in cyberpsychology and digital transformation leadership. Federal government and startup background. Currently embedded with a U.S. life insurance carrier on Phase 1 governance.
Grant Thornton's 2026 Insurance AI Impact Survey found that only 24 percent of insurance executives are highly confident they could demonstrate audit-ready AI governance today, which means there is meaningful first-mover advantage available to carriers who build the foundation now. The NAIC has launched a multi-state AI Systems Evaluation Tool pilot across 12 states, and regulators are using it in routine market conduct and financial examinations. Carriers that lead this conversation rather than respond to it are in a far stronger position commercially and operationally.
When a state Department of Insurance issues an inquiry using the Evaluation Tool, carriers are expected to produce an AI inventory, model cards, bias testing results, and a documented risk management oversight structure. The carriers who land this best are the ones who started building before the inquiry, with the framework, the evidence trail, and the executive narrative all ready to go. The Readiness Audit is the fastest way to know exactly what you have, what you need, and how to sequence the build.
Each control area mapped to your current state with a clear status, a regulatory citation, and a concrete next step.
Material gap that would likely be flagged in a market conduct examination. Requires action this quarter, with a sequenced remediation plan and a named owner.
Partial coverage that needs strengthening. The control exists but the documentation, testing cadence, or oversight structure is below what regulators will expect.
Defensible coverage. The control is in place, documented, and aligned to the bulletin or applicable framework, with a clear evidence trail.
Coverage areas include: AI inventory and model registry, governance committee charter and operating cadence, vendor and third-party AI risk management, fairness and bias testing approach, consumer protections and adverse action documentation, internal audit and risk management oversight, and incident response and model drift monitoring.
A legal review interprets the bulletin and your obligations. This audit translates those obligations into specific operational gaps, scored against what regulators are actually looking for in the NAIC AI Systems Evaluation Tool, and then sequences the fixes by severity and effort. Many of my clients run a legal review and this audit in parallel because they answer different questions.
Insurance is the primary lane because the NAIC bulletin is the most concrete regulatory framework right now, but healthcare organizations face a parallel set of expectations under HHS, JCAHO, and FDA TEMPO. The audit is calibrated to the regulatory environment that applies to you, so a hospital system or digital health company gets the same scorecard structure tuned against their applicable frameworks.
The bulletin has been adopted in roughly 25 states as of early 2026, and the trend is one-way. Even in states that have not formally adopted it, examiners increasingly use the Evaluation Tool framework as a reference standard. Building toward it now is the lowest-risk posture, and the same controls satisfy most adjacent state-level guidance.
No. The audit prepares you to talk to your regulators with confidence, but the engagement does not include direct regulator communication. That stays with your legal and compliance leadership.
The remediation plan is sequenced by severity, not by what is convenient. Material gaps get a 30-60-90 day path. Less urgent items get a longer runway with named owners and milestones. If the surface area is wider than the audit can fully resolve, the AI Readiness Sprint or the Fractional CAIO retainer become the natural next step.
$3,500 · 14 days. Maps every AI tool your workforce is already using, classifies the data exposure against HIPAA and NAIC standards, and gives you a sanctioning, contain, or replace path for each one. Best fit for IT, CIO, or compliance leads who want a baseline picture first.
Learn more →$7,500 · 14 days. All six board-ready deliverables in one package: Shadow AI Inventory, Governance Charter, Acceptable Use Policy, Vendor Risk Framework, ROI Roadmap, and Regulatory Alignment Checklist. Best fit for C-suite, SVP, or board sponsor who wants the complete picture in one engagement.
Learn more →Seven to ten days, $4,900 fixed, a scorecard your board can stand behind, and a sequenced plan you can act on this quarter.