Sixfold Content

Here at Sixfold, we talk to underwriters all the time—on calls, in meetings, at conferences, and through feedback on everything we create. Why? Because understanding the real challenges underwriters face is at the core of what we do.

From those conversations, we realized there’s no central digital space where underwriters can stay updated on industry innovations, exchange insights, and find tools to grow their careers.

That got us thinking — what if we built that place?

So, we did! I’m super excited to introduce Beyond the Policy, Sixfold’s innovation hub designed exclusively for underwriters. Here’s what you can expect:

Real Stories From the Frontlines

Why? Great advice comes from those who’ve faced the same challenges. That’s why Beyond the Policy features interviews with experienced underwriters who share their perspectives on the challenges and opportunities shaping the industry today. These Q&As provide practical insights, lessons learned, and tips you can apply directly to your own work.

We began our interviews with underwriters from major players like Sompo International and NSM, as well as from smaller MGAs and consultancies, ensuring a diverse (and always personal) perspectives.‍

AI Crash Course for Underwriting Leaders

Why? AI is transforming underwriting, but getting started can feel overwhelming. To help, we’ve created a crash course specifically for underwriting leaders. It’s designed to provide clear, actionable steps for getting started. 

This course brings together insights from top AI experts across diverse fields, including the Head of AI at Sixfold and a Lead AI Counsel at Debevoise & Plimpton. Whether you're new to AI or looking to enhance your approach, this resource is a great starting point.

Will we launch more courses in the future? Absolutely - stay tuned for our next one.

The Best of the Web for Underwriters

Why? The internet is full of information, but finding what’s truly relevant can be a challenge. That’s why we’re doing the work for you. Beyond the Policy features curated content tailored to underwriters, pulling together key industry updates and trends - and updating it frequently. Fresh content, every week! 

This week's recommended content includes a great episode from The Insurance Podcast featuring Send (underwriting insurance software) and an article from Deloitte on the insurance outlook in 2025.

Monthly Emails You’ll Actually Want to Read

Why? We know you’re busy, so we’ve packed our monthly emails with the best of what Beyond the Policy has to offer. Expect updates on the latest Q&As, new resources like the AI crash course, and handpicked articles that are worth your time.

These emails are designed to keep you ahead (without adding to your email load).

➡️ Beyond the Policy is now live!

If you’re an underwriter, I invite you to check it out, sign up for our monthly emails and hopefully learn a new thing or two.

Enjoy!

In the hands of insurers, AI can drive great efficiency —safely and responsibly. We recently sat down with Matt Kelly, Data Strategy & Security expert and counsel at Debevoise & Plimpton, to explore how insurers can achieve this.

Matt has played a key role in developing Sixfold’s 2024 Responsible AI Framework. With deep expertise in AI governance, he has led a growing number of insurers through AI implementations as adoption accelerates across the insurance industry.

To support insurers in navigating the early stages of compliance evaluation, he outlined four key steps:‍

Step 1: Define the Type of Vendor

Before getting started, it’s important to define what type of AI vendor you’re dealing with. Vendors come in various forms, and each type serves a different purpose. Start by asking these key questions:

• Are they really an AI vendor at all? Practically all vendors use AI (or will do so soon) – even if only in the form of routine office productivity tools and CRM suites. The fact that a vendor uses AI does not mean they use it in a way that merits treating them as an “AI vendor.” If the vendor’s use of AI is not material to either the risk or value proposition of the service or software product being offered (as may be the case, for instance, if a vendor uses it only for internal idea generation, background research, or for logistical purposes), ask yourself whether it makes sense to treat them as an AI vendor at all.  
• Is this vendor delivering AI as a standalone product, or is it part of a broader software solution? You need to distinguish between vendors that are providing an AI system that you will interact with directly, versus those who are providing a software solution that leverages AI in a way that is removed from any end users. 
• What type of AI technology does this vendor offer? Are they providing or using machine learning models, natural language processing tools, or something else entirely? Have they built or fine-tuned any of their AI systems themselves, or are they simply built atop third-party solutions?
• How does this AI support the insurance carrier’s operations? Is it enhancing underwriting processes, improving customer service, or optimizing operational efficiency?

Pro Tip: Knowing what type of AI solution you need and what the vendor provides will set the stage for deeper evaluations. Map out a flowchart of potential vendors and their associated risks. 

Step 2: Identify the Risks Associated with the Vendor

Regulatory and compliance risks are always present when evaluating AI vendors, but it’s important to understand the specific exposures for each type of implementation. Some questions to consider are: 

• Are there specific regulations that apply? Based on your expected use of the vendor, are there likely to be specific regulations that would need to be satisfied in connection with the engagement (as would be the case, for instance, with using AI to assist with underwriting decisions in various jurisdictions)? 
• What are the data privacy risks? Does the vendor require access to sensitive information – particularly personal information or material nonpublic information – and if so, how do they protect it? Can a customer’s information easily be removed from the underlying AI or models?
• How explainable are their AI models? Are the decision-making processes clear, are they well documented, and can the outputs be explained to and understood by third parties if necessary?
• What cybersecurity protocols are in place? How does the vendor ensure that AI systems (and your data) are secure from misuse or unauthorized access?
• How will things change? What has the vendor committed to do in terms of ongoing monitoring and maintenance? How will you monitor compliance and consistency going forward?  

Pro Tip: A good approach is to create a comprehensive checklist of potential risks for evaluation. For each risk that can be addressed through contract terms, build a playbook that includes key diligence questions, preferred contract clauses, and acceptable backup options. This will help ensure all critical areas are covered and allow you to handle each risk with consistency and clarity.

Step 3: Evaluate How Best to Mitigate the Identified Risks 

Your company likely has processes in place to handle third-party risks, especially when it comes to data protection, vendor management, and quality control. However, not all risks may be covered, and they may need new or different mitigations. Start by asking:

• What existing processes already address AI vendor risks? For example, if you already have robust data privacy policies, consider whether those policies cover key AI-related risks, and if so, ensure they are incorporated into the AI vendor review process.
• Which risks remain unresolved? Identify the gaps in your current processes to identify unique residual risks – such as algorithmic biases or the need for external audits on AI models – that will require new and ongoing resource allocations.
• How can we mitigate the residual risks? Rather than relying solely on contractual provisions and commercial remedies, consider alternative methods to mitigate residual risks, including data access controls and other technical limitations. For instance, when it comes to sharing personal or other protected data, consider alternative means (including the use of anonymized, pseudonymized, or otherwise abstracted datasets) to help limit the exposure of sensitive information.

Pro Tip: You don’t always need to reinvent the wheel. Look at existing processes within your organization, such as those for data privacy, and determine if they can be adapted to cover AI-specific risks.

Step 4: Establish a Plan for Accepting and Governing Remaining Risks

Eliminating all AI vendor risks cannot be the goal. The goal must be to identify, measure, and mitigate AI vendor risks to a level that is reasonable and that can be accepted by a responsible, accountable person or committee. Keep these final considerations in mind:

• How centralized is your company’s decision-making process? Some carriers may have a centralized procurement team handling all AI vendor decisions, while others may allow business units more autonomy. Understanding this structure will guide how risks are managed.
• Who is accountable for evaluating and approving these risks? Should this decision be made by a procurement team, the business unit, or a senior executive? Larger engagements with greater risks may require involvement from higher levels of the company.
• Which risks are too significant to be accepted? In any vendor engagement, some risks may simply be unacceptable to the carrier. For example, allowing a vendor to resell policyholder information to third parties would often fall into this category. Those overseeing AI vendor risk management usually identify these types of risks instinctively, but clearly documenting them helps ensure alignment among all stakeholders, including regulators and affected parties.  

One-Process-Fits-All Doesn’t Apply 

As AI adoption grows in insurance, taking a strategic approach can help simplify review processes and prioritize efforts. These four steps provide the foundation for making informed, secure decisions from the start of your AI implementation project.

Evaluating AI vendors is a unique process for each carrier that requires clarity about the type of vendor, understanding the risks, identifying the gaps in your existing processes, and deciding how to mitigate the remaining risks moving forward. Each organization will have a unique approach based on its structure, corporate culture, and risk tolerance.

“Every insurance carrier that I’ve worked with has its own unique set of tools and rules for evaluating AI vendors, what works for one may not be the right fit for another.”

- Matt Kelly, Counsel at Debevoise & Plimpton. 

October 18, 2024 - Sixfold, the AI solution designed to streamline end-to-end risk assessments for underwriters, announced its partnership with AXIS, a global leader in specialty insurance and reinsurance, a collaboration that has yielded positive results in its initial rollout. Within the first month of deployment, AXIS underwriters leveraged Sixfold’s solution to improve efficiency, accurately classifying businesses and aligning cases with their risk appetite.

“This partnership is all about leveraging AI to empower our underwriters and even further enhance the service we provide to our customers. We were searching for a solution that could reliably deliver precision, and Sixfold has done just that and more.

The real game-changer has been the time savings—freeing up valuable hours so our underwriters can zero in on the work that drives results while ultimately benefiting the customer” said Josh Fishkind, Head of Innovation at AXIS.

“Our goal is to provide meaningful ROI for all our customers, and AXIS has already begun to see these benefits,” said Alex Schmelkin, Sixfold's Founder & CEO. “We look forward to continuing our partnership as AXIS discovers more ways Sixfold can enhance their underwriting processes.”

Read the full customer story here and check out the Insurance Post article covering our work with AXIS.

In 2025, the cyber risk landscape is expected to become more complex with increasing threats driven by rising privacy violations, data breaches, the rise of AI, and external factors such as emerging regulations. According to Munich Re, the cyber insurance market has nearly tripled in size over the past five years, with global premiums projected to surpass $20 billion by 2025, up from nearly $15 billion in 2023, as reported by CyberSecurity Dive.

Reflecting the rapid market growth and emerging threats, Sixfold has seen increased demand from specialty insurers in the cyber sector and has successfully brought on several industry leaders as customers.  "In the near future, cyber policies will become as essential as General Liability or Property & Casualty coverage. Given the world we live in, this shift is inevitable. Cyber policies are poised to become the most specific and highly customized policies available" said Jane Tran, Co-founder & COO at Sixfold.

"In the near future, cyber policies will become as essential as General Liability or Property & Casualty coverage. Given the world we live in, this shift is inevitable. Cyber policies are poised to become the most specific and highly customized policies available"

Empowering Underwriters to Quickly Adapt to New Cyber Risks

As cyber risks grow, the pressure on underwriters to assess risks accurately and expedite the case review process continues to increase. Sixfold’s AI solution for cyber insurance addresses these challenges by securely ingesting each insurer’s underwriting guidelines and aggregating all necessary business information to quickly provide recommendations that align with the carrier’s risk appetite. This capability allows insurers to quickly adjust their risk strategies in response to new cyber threats.

“With Sixfold, insurers can synchronize their underwriting guidelines across the board and adapt quickly. For example, when a new malware threat is identified, you can instantly incorporate it into your risk criteria through Sixfold. This ensures that the entire cyber team factors it into their assessments immediately without needing to learn every detail or the threat or spending hours digging for the right information” said Alex Schmelkin, Founder & CEO of Sixfold.

Besides, effective cyber underwriting demands deep expertise in IT systems, cybersecurity measures, and industry developments. This need for specific expertise presents a significant talent issue for insurers, especially with 50% of the underwriting workforce set to retire by 2028. Sixfold bridges the knowledge gap by instantly providing underwriters with the specialized knowledge they need for accurate risk assessments. 

“Underwriters no longer need to be cyber experts; they can rely on Sixfold to spotlight the critical information needed for accurate underwriting decisions. Our platform simplifies the complex world of cyber risk and empowers underwriters to make more confident decisions, faster” said Jane Tran, Co-founder & COO at Sixfold.

Sixfold Partners with CyberCube to Enhance Cyber Risk Assessments

‍Sixfold has teamed up with CyberCube, the world’s leading analytics provider to quantify cyber risk. This integration of CyberCube's advanced cyber risk analytics with Sixfold's AI underwriting solution enables insurers to achieve faster and more accurate risk assessments. The partnership enhances underwriting efficiency, strengthens regulatory compliance, and offers highly tailored cyber insurance solutions, empowering insurers to stay ahead of the rapidly evolving cyber threat landscape. "The partnership between CyberCube’s comprehensive cyber data and Sixfold’s innovative risk assessment is setting a new standard for the future of underwriting, keeping insurers prepared for new challenges in determining accurate cyber policies.” said Ross Wirth, Head of Partnership and Ecosystem for CyberCube.

‍

"The partnership between CyberCube’s comprehensive cyber data and Sixfold’s innovative risk assessment is setting a new standard for the future of underwriting, keeping insurers prepared for new challenges in determining accurate cyber policies.”
‍

To see our Sixfold speeds up the cyber underwriting process join our upcoming live product demo.

This content was originally published on PR Web

With the rise of AI solutions in the Insurance market, questions around AI regulations and compliance are increasingly at the forefront. Key questions such as “What happens when we use data in the context of AI?” and “What are the key focus areas in the new regulations?” are top of mind for both consumers and industry leaders.

To address these topics, Sixfold’s founder and CEO, Alex Schmelkin, hosted the webinar “How to Secure Your AI Compliance Team’s Approval”. Joined by industry experts Jason D. Lapham, Deputy Commissioner for P&C Insurance for the State of Colorado, and Matt Kelly, Data Strategy & Security Counsel at Debevoise & Plimpton, the discussion provided essential insights into navigating AI regulations and compliance.

Here are the key insights from the session:

AI Regulation Developments: Colorado Leads the Way in the U.S

“There’s a requirement in almost any regulatory regime to protect consumer data. But now, what happens when we start using that data in AI? Are things different?” — Alex Schmelkin

Both nationally and globally, AI regulations are being implemented. In the U.S., Colorado became the first state to pass a law and implement regulations related to AI in the insurance sector. Jason Lapham explained that the key components of this legislation revolve around two major requirements:

1. Governance and Risk Management Frameworks: Companies must establish robust frameworks to manage the risks associated with AI and predictive models.
2. Quantitative Testing: Businesses must test their AI models to ensure that outcomes generated from non-traditional data sources (e.g., external consumer data) do not lead to unfairly discriminatory results. The legislation also mandates a stakeholder process prior to adopting rules.

Initially, the focus was on life insurance, as it played a critical role in shaping the legislative process. The first regulation, implementing Colorado’s Bill 169, adopted in late 2023, addressed governance and risk management. This regulation applies to life insurers across all practices, and the Regulatory Agency received the first reports this year from companies using predictive models and external consumer data sources.

So, what’s the next move for the first-moving state in terms of AI regulations? Colorado Division of Insurance is developing a framework for quantitative testing to help insurers assess whether their models produce unfairly discriminatory outcomes. Insurers are expected to take action if their models do lead to such outcomes.

Compliance Approach: Develop Governance Programs

“When we’re discussing with clients, we say focus on the operational risk side, and it will get you largely where you need to be for most regulations out there.” — Matt Kelly

With AI regulations differing across U.S. states and globally, companies face challenges. Matt Kelly described how his team at Debevoise & Plimpton navigate these challenges by building a framework that prioritizes managing operational risk related to technology. Their approach involves asking questions such as :

• What AI is being used?
• What risks are associated with its use?
• How is the company governing or mitigating those risks?

By focusing on these questions, companies can develop strong governance programs that align with most regulatory frameworks. Kelly advises clients to center their efforts on addressing operational risks, which takes them a long way toward compliance.

The Four Pillars of AI Compliance 

Across different AI regulatory regimes, four common themes emerge:

1. Transparency and Accountability: Companies must understand and clearly explain their AI processes. Transparency is a universal requirement.
2. Ethical and Fair Usage: Organizations must ensure their AI models do not introduce bias and must be able to demonstrate fairness.
3. Consumer Protection: In all regulatory contexts, protecting consumer data is essential. With AI, this extends to ensuring models do not misuse consumer information.
4. Governance Structure: Insurance companies are responsible for ensuring that they—and any third-party model providers—comply with AI regulations. While third-party providers play a role, carriers are ultimately accountable.

Matt Kelly emphasizes that insurers can navigate these four themes successfully by establishing the right frameworks and governance structures. 

Protection vs. Innovation: Striking the Right Balance 

“We tend not to look at innovation as a risk. We see it as aligned with protecting consumers when managed correctly.” — Matt Kelly

Balancing consumer protection with innovation is crucial for insurers. When done correctly, these goals align. Matt noted that the focus should be on leveraging technology to improve services without compromising consumer rights.

One major concern in insurance is unfair discrimination, particularly in how companies categorize risks using AI and consumer data. Regulators ask whether these categorizations are justified based on coverage or risk pool considerations, or whether they are unfairly based on unrelated characteristics. Aligning these concerns with technological innovation can lead to more accurate and fair coverage decisions while ensuring compliance with regulatory standards.

Want to learn more? 

Watch the full webinar recording and download Sixfold’s Responsible AI framework for Sixfold’s approach to safe AI usage. 

‍

Companies of all sizes are actively exploring how emerging AI technologies can overcome longstanding business challenges. Inevitably, they run up against the reality that weathered AI pros like myself have long known: AI ain’t easy.  Rather than going it alone, many businesses choose to partner with firms that specialize in building solutions with LLMs. The good news? There are a growing number of AI vendors to pick from, with more popping up all the time. The bad? Discerning if a vendor can deliver what you need isn’t always so straightforward.

It seems like everyone and their little cousin touts the ability to “wrap” custom applications around one of the big-name LLMs. If that’s all they bring to the table, they might help you address simple use cases, but probably won’t have the chops to build and manage complex solutions in heavily regulated industries like insurance. That’s a whole different thing.

So, how can you tell if a prospective vendor can meet your business's needs? In this blog post, I’ll explore some key areas along the AI value chain and propose some questions to ask so you can make an informed decision.

So, how can you tell if a prospective vendor can meet your business's needs? In this blog post, I’ll explore some key areas along the AI value chain and propose some questions to ask so you can make an informed decision.

Input preparation

What you put into your AI system is what you get out of it. Make sure a prospective vendor prioritizes clean data, stored & handled in a secure compliant manner.

You can think of data like a commodity that powered the previous century: oil. You don’t just dig some oil out of the ground and pour it into your gas tank. (Or, I guess you could, but you wouldn’t get far before your engines seized up.) Like oil, data requires multiple rounds of preparation before it can be used. 

The value of the output your AI produces is directly related to the quality of the input. Before moving forward with any prospective vendor, ensure they have the means—and indeed, the knowledge—to help you build compliant, secure data workflows from beginning to end. 

The value of the output your AI produces is directly related to the quality of the input. Before moving forward with any prospective vendor, ensure they have the means—and indeed, the knowledge—to help you build compliant, secure data workflows from beginning to end. 

Here are some points to consider to ensure this is a vendor for you.

Questions to consider: 

• ‍How will the data be collected?
  ‍Data must be carefully collected to protect privacy and prevent bias. Ensuring that data has been ethically obtained and correctly governed is a point of emphasis for regulators.‍
• How will the data be “cleaned”?
  ‍Data needs to be refined and structured in a way that an AI solution can use and interpret. Make sure a prospective vendor understands what types of data are appropriate for your use case and how to prepare it at scale.‍
• How will the data be transferred, stored, and secured?
  ‍When developing solutions for complex, highly regulated industries, proof of certification for things like SOC2 and HIPAA are table stakes. Additionally, you’ll want to verify that the vendor uses secure data transfer methods, such as encryption during transit and at rest, to prevent unauthorized access. Also, ensure they effectively track the status of the data over time via robust version control and data lineage systems.

Prompt development 

LLMs work best when you make it difficult for them to make mistakes. An AI vendor should understand how to craft prompts to generate business value. 

For an AI solution to generate value, it must surface useful information with as little human intermediation as possible. This is achieved by ensuring that every prompt to an LLM includes all guidance, data access, and guardrails necessary to generate a high-quality return. Things like: 

1. Industry-specific content to guide results
2. Phrasing that reflects informed insight into the domain 
3. Precise instructions on the structure of the result being sought 

Your vendor will need to demonstrate they understand the capabilities and limitations of AI and can provide insights on how to structure LLM conversations to extract maximum value. Here are some points to review with a prospective partner to ensure they have the means—and better yet, a history—of value-oriented prompt engineering.

Questions to consider: ‍

• ‍How do they build prompts, and what domain-specific knowledge do they have?
  ‍Technical acumen is one thing, but does the vendor understand the specific needs of your industry? It’s one thing to ask an LLM to plan out a fun afternoon at the beach, it’s another thing to have it understand if, for example, family-owned restaurants align with a home insurer's risk appetite, or not. ‍
• What methods are used to select material included in the context window?
  ‍You should understand the vendor’s criteria for selecting contextually relevant information and how they ensure this information is timely and accurate. Ask what processes they use to filter and prioritize the most pertinent data for inclusion in prompts.‍
• How often, and in what ways are prompts updated over time? Are these changes tracked?
  ‍Learn about their schedule for reviewing and updating prompts to keep them aligned with the latest industry trends and data. Ensure they have a system for tracking changes to prompts, including version history and impact analysis, to maintain transparency and continuous improvement.‍
• What methods are used to evaluate the results of prompts, and to compare the results to prior versions when changes are made?
  ‍Ask about their evaluation metrics and benchmarks for assessing prompt performance, including accuracy, relevance, and consistency. Understand their process for A/B testing new prompt versions and how they compare the results to previous versions to ensure improvements.

Output control

Non-deterministic AI systems act in unpredictable ways. A quality vendor should know how to measure misaligned behaviors, as well as how to address them.  
‍
The value of the output your AI produces is directly related to the quality of the input. Before moving forward with any prospective vendor, ensure they have the means—and indeed, the knowledge—to help you build compliant, secure data workflows from beginning to end.  Ask an LLM the same question 10 times and you might get 10 different responses. The goal is to generate 10 accurate, useful answers. Achieving this requires putting as much care into reviewing the system’s output as you do into preparing the input. 

Ask an LLM the same question 10 times and you might get 10 different responses. The goal is to generate 10 accurate, useful answers. Achieving this requires putting as much care into reviewing the system’s output as you do into preparing the input. 

Continuous monitoring and tweaking are necessary to adapt your system to accommodate new data and evolving requirements. Here are some questions to explore when evaluating a vendor’s approach to scaled output control.

Questions to consider: 

• ‍What evals will you run?
  ‍Inquire about their evaluation frameworks, including both automated and manual assessments, to ensure outputs meet quality standards. Learn about the specific metrics they use to evaluate outputs, such as precision, recall, and F1 score, as well as checks for hallucinations and biases.‍
• What role will human experts play in this process?
  ‍Verify that human subject matter experts are involved in reviewing and validating AI outputs to ensure they are contextually appropriate and accurate. Ask about their process for incorporating expert feedback into continuous improvement cycles for the AI system.‍
• How often will you review overall results, and what metrics will you use to guide refinement and improvement?
  ‍Get a handle on their schedule for regular reviews and audits of AI outputs to ensure ongoing quality and relevance. Inquire about the key performance indicators (KPIs) and metrics they use to monitor and refine the AI system, such as user satisfaction scores, error rates, and feedback loops.

Transparency 

Not only does visibility allow you to properly evaluate an AI’s performance, it’s increasingly required by regulators as a means to address system bias.

Transparency is crucial for every step from data preparation to prompt development and output review. You cannot evaluate what you cannot see. To maintain the highest possible standards, every AI vendor should be prepared to provide a window into every step under their control. 

Questions to consider: 

• ‍Can you provide clear documentation of your processes and methods?
  ‍Ensure that the vendor offers comprehensive and understandable documentation covering all aspects of their AI processes, from data collection to output generation. Ask for examples of their documentation to assess its clarity and completeness.‍
• Can you demonstrate every point at which they interact with an LLM, and provide a complete trail of what information was exchanged?
  ‍Verify that the vendor maintains detailed logs and records of interactions with the LLM, including data inputs, prompts, and outputs. Ensure they can provide audit trails that detail the flow of information through their systems, which is crucial for regulatory compliance and troubleshooting.‍
• Will you provide a routine report about their evaluations and measuring for potential bias?
  ‍Inquire about their regular reporting practices, including how often they produce reports on AI performance, bias detection, and mitigation efforts. Ask to see examples of these reports to evaluate their thoroughness and transparency in addressing potential biases and other issues.

At Sixfold, we’ve created a Responsible AI framework for prospects and customers to showcase our ongoing transparency work.

In Summary

AI has the potential to overcome challenges that have been holding businesses back for decades. If you haven’t started your AI journey, now’s the time to get started. Partnering with an AI vendor can help you identify use cases ripe for transformation and provide the skills to get you there.

I hope that this checklist helped you identify which vendor has the right combination of technical know-how, industry expertise, and regulatory awareness to get your business where it needs to be.

This post was originally published on Linkedin