Due Diligence

The investigation an insurer performs before acquiring or deploying a third-party AI system, including assessment of the vendor, model, data, and risks.

Due diligence is the investigation a company performs before entering a business relationship or transaction. In insurance AI, vendor due diligence is the process of assessing a third-party AI system before deployment. It covers the vendor’s financial stability, model development practices, data sources, testing records, security controls, and regulatory experience.

The NAIC Model Bulletin requires insurers to perform due diligence on third-party AI systems before deployment. Due diligence cannot be replaced by a vendor’s own claims of compliance. The carrier must understand the model well enough to explain it to a regulator and to monitor it over time.

A thorough due diligence process usually includes a written questionnaire, document review, legal review of contract terms, and risk-tiering of the system. See our AI vendor risk assessment checklist and glossary entries on third-party AI and audit rights.