
NAIC Updates
The Life Actuarial Task Force recently discussed updated revisions to Actuarial Guideline (AG) 49-A (the Application of the Life Illustrations Model Regulation to Policies with Index-Based Interest). The changes incorporate several improvements proposed by the American Academy of Actuaries and the ACLI, including clarifying that companies can continue to show benchmark index account information, even if historical performance is prohibited (due to the short Historical Period of the index). The revisions also simplify language that must be added to the basic illustration used in all policies sold on or after April 1, 2026.
A friendly amendment was proposed to provide guidance on how companies can comply with these provisions once an index has been in existence long enough to meet the Historical Period requirements for illustration. Comments are due November 12.
The Third-Party Data and Models Working Group met on October 29, 2025. Key takeaways from the discussion include:
- Gameplan: Jason Lapham (Chair-CO) will work with three states to develop a draft framework for regulating third parties, which he hopes to share publicly before the December NAIC meeting.
- Goals: The main goal of the framework is for regulators to have access to third-party data and models so they can appropriately regulate their use by insurers. Ancillary goals may include model and data governance, data accuracy, and third-party and insurer communication.
- Registration/Licensure: The working group discussed the need to determine whether the framework should require third-party data and model vendors to engage in a registration process or a more robust licensure process. As part of this process, third parties would be expected to provide documentation of their data and AI governance programs. It is unclear whether all regulators will want to receive and review all the data or models. Some regulators may want the ability to receive or review data or models upon request. Lapham made clear that insurers would retain ultimate responsibility for how they use the data and models.
- Focus Areas: Once the working group builds out the requirements for the registration or licensure process, it will then focus on specific, high-risk third-party and insurance practices. The working group highlighted P&C rating and underwriting as an initial focus because reviewing P&C rates is a core regulatory function for most states, and most regulators have experience reviewing data and models in the P&C context. Other potential focus areas are utilization management and prior authorization.
- Transparency: Lapham discussed imposing transparency requirements on third parties that would require them to disclose certain information about their data and models to insurers. This would help insurers evaluate the appropriateness of the data/model.
- Principles: The working group is currently developing this framework based on three principles: (1) risk proportionality, where oversight requirements scale with the materiality of the third party’s role and impact on consumers; (2) transparency with safeguards, so that insurers and regulators receive sufficient information to assess risk and compliance while protecting interested parties; and (3) accountability, where the ultimate responsibility remains with insurers for outcomes derived from use of third-party models and data.
- Definitions: The working group adopted a working definition of “third party” as “any organization, operating independently of any government entity and not otherwise defined as a Licensee, that engages with an insurer to provide data, models, and/or model outputs to the insurer for pricing, underwriting, claims, marketing, and/or fraud detection functions.” The definition excludes “Licensees,” which means “any insurer, producer, advisory or rating organization, third-party administrator, or other similar organization engaged in the business of insurance that is required to be licensed or otherwise authorized to perform insurance-related functions under applicable state law and is subject to examination by the [department of insurance].” The working group’s definition of “third party” contains much greater detail than that in the NAIC’s AI Model Bulletin, which defines “third party” simply as “an organization other than the Insurer that provides services, data, or other resources related to AI.”
In addition, the NAIC has exposed a project proposal request form to implement the Cybersecurity Event Notification Portal. The portal is designed to streamline and secure the exchange of cyber incident data between licensed entities and regulators. The Cybersecurity Working Group will review the proposal, followed by the H Committee. The form lays out the reasoning behind the proposed portal, the costs, and the timeline for completion of the project. Comments are due December 1.
Staff Contact - Sean McKenna
International Developments
On October 27, 2025, the Bank for International Settlements (BIS) published a paper titled Transformation of the Life Insurance Industry: Systemic Risks and Policy Challenges. The paper concludes that life insurance industry shifts have led to financial stability issues, raising concerns with increased exposure to riskier/less liquid assets and reliance on private markets, the complexities of asset-intensive reinsurance, interconnectedness, and concentration of risks in certain jurisdictions. The BIS recommends consideration of six policy measures to address the resulting supervisory challenges:
- Direct tools to mitigate concentration risk associated with geographic and operational concentration of reinsurance activity
- Hardwiring liquidity risks into regulatory frameworks, noting a trend toward a more prominent role of liquidity in insurance supervision
- Enhancing transparency and disclosure, particularly on alternative asset holdings, valuation practices, liquidity profiles, and cross-border reinsurance
- Greater alignment of international standards to reduce incentives for regulatory arbitrage and promote consistent outcomes across jurisdictions
- Strengthening governance frameworks to mitigate conflicts of interest across the full investment chain
- Adopting a macroprudential approach in monitoring activities of the life insurance sector, specifically by tracking common exposures and funding risks and interlinkages within the insurance sector and broader financial system
Privacy Updates
The Electronic Privacy Information Center released a report titled State Attorneys General & Privacy: Enforcement Trends, 2020–2024. The report provides information on where the attorneys general are directing their enforcement efforts in six areas:
- Unwanted calls and text messages
- Data breaches
- Data privacy
- Antitrust
- Platform accountability and governance
- Algorithms and automated systems
The California Privacy Protection Agency Board will hold a public meeting on November 7, 2025, at 9:00 am PST. The meeting will focus on proposed regulations and potential amendments concerning California’s Delete Request and Opt-Out Platform under the California Delete Act.
Meanwhile, enforcement activity in California continues, with Attorney General Bonta securing a settlement with Sling TV LLC and Dish Media Sales LLC (Sling TV) to resolve allegations that the company violated the California Consumer Privacy Act (CCPA) by (1) failing to provide an easy-to-use method for consumers to stop the sale of their personal information, and (2) failing to provide sufficient privacy protections for children. Pursuant to the settlement, and subject to court approval, Sling TV has agreed to (1) pay $530,000 in CCPA civil penalties; (2) implement changes to ensure its CCPA opt out is easy for consumers to execute, requires minimal steps, and considers the way the business interacts with consumers; and (3) provide parents with clear disclosures and tools to minimize collection and use of their children’s data.
Staff Contact - Sean McKenna