Next Round of Testing: NAIC Clarifies Third-Party Oversight Plan

Continuing its goal of mapping out the regulatory landscape that would apply to insurers’ use of third-party models and data, the National Association of Insurance Commissioners’ Third-Party Data and Models (H) Working Group detailed its conceptual approach in developing its “Third-Party Regulatory Framework” at the NAICSpring National Meeting. The working group chair, Jason Lapham of Colorado, explained that the comments received on the framework exposed at the 2025 Fall National Meeting reflected misinterpretations of the framework’s intent. During the meeting, the group reiterated its views on registration and governance, and that it would continue to refine the framework, with a focus on pricing and underwriting.

Registration

Lapham clarified that the framework seeks registration of the third parties and not of the third parties’ models or data. Working group members explained that the breakthrough sought by the framework’s registration requirement is a means for regulators to obtain data directly from the third parties. Currently, when regulators seek information on models or data, insurers often are unable to provide the information because of non-disclosure agreements with the third parties.

Lapham described registration under the framework as a two-part process —  registration of the third parties and then, if requested by regulators, the submission of any models or datasets. He indicated that this two-part process would allow regulators to scrutinize the third parties and question them on what models or data they provide to insurers. If deemed necessary, regulators could then scrutinize models or datasets.

Regulators questioned whether registration would be compulsory or voluntary. Several regulators theorized that compulsory registration would require action by state legislatures, impeding widespread adoption of the framework. Regulators considered whether voluntary registration would yield adequate protection over the information that third parties provide to regulators, noting that regulators’ exam authority confers privacy and confidentiality protections. If registration were merely voluntary, it could be considered outside regulators’ exam authority and thus not subject to those protections.

Regulators also discussed streamlining the thirdparty registration process, to avoid state-by-state registration. One regulator suggested a registry process that is similar to what is used for surplus lines. Based on Lapham’s report to the H Committee, it appears that the working group intends to examine the possibility of this registry option moving forward.

Governance

The working group explained that as part of the registration process, regulators would obtain the third parties’ governance frameworks. The group indicated that a third party’s framework would allow regulators to have insight into the third party’s operations.

Pricing and Underwriting

While the exposed framework covers third-party vendors across the spectrum of insurance-related functions, the working group discussed focusing the framework on activity that is considered the highest risk for negative consumer impact. The group reached consensus on revising the framework to concentrate on pricing and underwriting, with the understanding that other functions could be added, as warranted by risk-based considerations.

Next Steps

A drafting group, taking account of the discussions during the Spring National Meeting, will prepare a new version of the framework before the Summer National Meeting. As part of its work, the drafting group will consider:

• Whether registration should be voluntary or compulsory.
• Whether the framework should become a model law or a bulletin.

The drafting group will also be prepared to discuss the pros and cons of its recommended approach, as well as alternative approaches.

This article was co-authored by Carlton Fields law clerk Jake Heiges.