MCP connects AI agents to the systems that run an insurer: the policy administration system (PAS), the claims system, the rating engine, and the customer records behind them — exactly where Nonpublic Personal Information and, for health lines, PHI live. Agents there move the combined ratio, with better risk selection on the loss-ratio side and lower cost per policy and per claim on the expense-ratio side. That reach is also what makes ungoverned MCP a non-starter for a regulated carrier, where a governance lapse surfaces years later in an exam or in litigation.

The opportunity and the bind

AI already runs across underwriting, pricing, claims and First Notice of Loss, fraud detection, and customer engagement. The hard part is that it lives on the most sensitive data, in the oldest systems, making the most consequential decisions:
  • The data is regulated and sits in legacy cores. The dominant cores (Guidewire, Duck Creek) and a long tail of legacy systems were not built for fine-grained agent access control, yet underwriting and claims agents are useful precisely because they reach into them.
  • The decisions are legally consequential. A claims-triage or pricing agent influences coverage, premium, and denial — outcomes directly regulated for fairness and explainability. An LLM that hallucinates a rationale, or quietly proxies a protected class, carries real regulatory and litigation exposure.
  • The vendors are wiring agents in now. Duck Creek launched an insurance-native agentic platform in April 2026 with an AI Gateway layer that explicitly supports MCP and A2A so agents from the vendor, partners, and customers can reach core systems. The insurer’s question is no longer “should we adopt MCP?” but “who governs the MCP traffic flowing into our regulated systems?”
One lesson shapes the tone here: enablement comes before security. Insurers want their agents running reliably across core systems and want to see what those agents do before anything else; governance is the layer that makes that durable, not fear-first messaging. MCP Manager delivers both: agents work through one governed gateway, and the evidence is ready when the exam arrives. The gateway is where an insurer can finally answer the question its core systems cannot: what is our AI actually seeing, and how are we controlling it?

The regulatory reality

US insurance is regulated at the state level and coordinated through the NAIC, with the EU regime increasingly setting the global bar. Strip away the acronyms and every framework asks for the same handful of things — and examiners are being equipped to check them right now.
  • NAIC Model Bulletin (AIS Program) — you must document your AI systems, test them, oversee third-party tools, and show board accountability, now examinable in roughly two dozen states. MCP Manager gives you the inventory and audit record of every agent and third-party connection an AIS Program expects.
  • The NAIC AI Systems Evaluation Tool — examiners are being handed a standardized framework (multi-state pilot January–September 2026) to probe AI governance in market-conduct exams. MCP Manager produces the exam-ready record of what each AI accessed and did.
  • NYDFS Circular Letter 2024-7 and Colorado’s ECDIS rules — you must control and document the data feeding underwriting and pricing models and show they do not proxy protected classes. MCP Manager controls which data sources an agent can reach and records every input, feeding your own fairness testing.
  • NYDFS Part 500, GLBA, and the EU AI Act — NPI needs a prescriptive security program, and high-risk life and health pricing carries logging and human-oversight duties from 2 August 2026. MCP Manager secures and attributes every call and exports the log to your SIEM.
What regulators demand, what MCP Manager enforces today, and where it fits:
  • Documentation and auditability of AI decisions (exams, DPIAs, FRIAs, litigation). Enforced today: a comprehensive audit log of every MCP call attributed to the real user or agent, with the tool, request, response, and verdict, searchable and exportable to your SIEM. Where it fits: the evidentiary trail for a market-conduct exam that may come years after the decision.
  • Third-party and vendor AI oversight (you stay liable for vendor agents). Enforced today: a single governed gateway every agent connects through, with an inventory of every server, host, and connection. Where it fits: the one place to see and constrain what an external agent touches in your systems.
  • Data minimization and security of NPI/PHI. Enforced today: gateway rules that detect and block, redact, mask, replace, or hash sensitive data inline with regex and Microsoft Presidio; AES-256-GCM credential encryption; TLS on every hop. Where it fits: NPI and PHI are minimized before a model or a log ever sees them.
  • Control of the data sources feeding decisions (nondiscrimination testing). Enforced today: tool provisioning and per-team scoping over which servers and data sources an agent can reach, with every input surfaced in the audit log. Where it fits: the inputs feeding a model are controlled and visible, an input to your fairness testing and documentation.
  • Governance of high-stakes actions. Enforced today: allow-all, allow-only-if-conditions-are-met, or block-all tool provisioning (fail-closed), so an agent can be limited to read-only access and never handed coverage-denial or payout tools. Where it fits: consequential write actions are gated by what an agent is permitted to call at all.
  • Incident readiness (Part 500 reporting). Enforced today: real-time alerts on policy violations, plus break-glass kill switches to disable a host, connection, or identity instantly. Where it fits: a misbehaving connection can be cut off immediately and surfaced to the team.
A note on fairness: MCP Manager controls and records which data an agent can reach and surfaces every input in the log, which feeds your fairness testing and documentation. The fairness testing itself remains yours to run.

A note on PHI: carriers writing health insurance in the United States are HIPAA covered entities, and PHI moves through the same agents. Where a Business Associate Agreement is required, MCP Manager signs one; see Business Associate Agreement. BAA coverage is available on select enterprise plans tailored for regulated carriers; contact your MCP Manager representative.

How MCP Manager governs insurance AI

  • Observability first. A single pane shows every agent, server, and connection and what is being called, which is the direct answer to “what is our AI seeing?” See Audit & observability.
  • Sensitive-data enforcement in flight. Gateway rules run on inbound requests and outbound responses with regex, Microsoft Presidio, and custom rule engines; five actions (block, redact, replace, mask, hash) apply inline, and each rule can be set to fail closed, so a detector error blocks the call rather than passing the raw data through.
  • Least privilege and scoped tools. Capability-based RBAC, per-team tool scoping, and a fail-closed allowlist decide which agents reach the PAS or the claims system and which tools they may call — including limiting an agent to read-only.
  • An exam-ready record. Every call is logged with the requesting identity, the tool, the payloads, and the verdict, searchable and exportable to your SIEM for retention under your own policy. See Export to SIEM.
  • Identity and integrity. Enforced OAuth with PKCE, identity brokering so credentials never live in the client, SSO, SCIM 2.0, and tool-change protection that stops a vendor agent’s tools from changing behavior after approval.
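To make the enforcement, least-privilege, and audit-record points above concrete, here is an added Python sketch of the three controls working together on one tool call: a fail-closed tool allowlist, inline data rules with block, redact, replace, mask, and hash actions, and an audit record for every verdict. It is illustrative code written for this page, not MCP Manager's implementation or API. The team name, tool names, policy table, rule names, and the stand-in claims server are all hypothetical, and plain regexes stand in for Presidio so the example runs offline.

```python
import hashlib
import json
import re
from typing import Callable

# Hypothetical per-team tool policy. Any tool not listed is denied (fail closed),
# so a claims-triage agent is never handed payout or coverage-denial tools.
TOOL_POLICY = {
    "claims-triage": {
        "claims.search": "allow",
        "claims.get": "allow",
        "policy.get": "allow",
        "claims.approve_payout": "block",
        "claims.deny_coverage": "block",
    },
}

# Hypothetical sensitive-data rules: (name, pattern, action). Plain regexes stand in
# for a Presidio-style recognizer so the example runs offline. Block rules come
# first so a blocked payload is never partially rewritten.
DATA_RULES = [
    ("card_pan", re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"), "block"),
    ("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "mask"),
    ("us_phone", re.compile(r"\b\d{3}-\d{3}-\d{4}\b"), "replace"),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "hash"),
    ("policy_number", re.compile(r"\bPOL-\d{8}\b"), "redact"),
]


class BlockedPayload(Exception):
    """Raised when a block rule matches; the whole payload is dropped."""


def _transform(action: str, name: str, value: str) -> str:
    """Apply one inline action to a matched value."""
    if action == "mask":      # keep the last four characters for correlation
        return "*" * (len(value) - 4) + value[-4:]
    if action == "replace":   # typed placeholder, no value retained
        return f"<{name}>"
    if action == "hash":      # production would use a keyed hash, not bare SHA-256
        return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:16]
    if action == "redact":
        return "[REDACTED]"
    return value


def sanitize(text: str, rules=DATA_RULES) -> tuple[str, list[str]]:
    """Run every rule over the text. A block rule aborts the payload; the others
    rewrite matches in place. Returns (sanitized_text, names_of_rules_hit)."""
    hits = []
    for name, pattern, action in rules:
        if not pattern.search(text):
            continue
        hits.append(name)
        if action == "block":
            raise BlockedPayload(name)
        text = pattern.sub(lambda m, a=action, n=name: _transform(a, n, m.group(0)), text)
    return text, hits


def failing_sanitizer(text: str):
    """Stand-in for a recognizer outage, used to show the fail-closed path."""
    raise TimeoutError("recognizer timed out")


def govern_call(team: str, identity: str, tool: str, request: str,
                call_tool: Callable[[str, str], str],
                sanitizer=sanitize) -> dict:
    """Gate one MCP tool call: allowlist check, inbound and outbound sanitization,
    and an audit record for every decision. Any sanitizer failure blocks the call
    (fail closed) instead of letting raw data through to the model or the log."""
    record = {"identity": identity, "team": team, "tool": tool, "verdict": None,
              "reason": None, "rules_hit": [], "request": None, "response": None}
    decision = TOOL_POLICY.get(team, {}).get(tool, "deny")
    if decision != "allow":
        record.update(verdict="deny", reason=f"tool_policy:{decision}")
        return record
    try:
        clean_req, hits_in = sanitizer(request)
        response = call_tool(tool, clean_req)
        clean_resp, hits_out = sanitizer(response)
    except BlockedPayload as exc:
        record.update(verdict="block", reason=f"data_rule:{exc}")
        return record
    except Exception as exc:  # detector outage, timeout, malformed input
        record.update(verdict="block", reason=f"sanitizer_error:{type(exc).__name__}")
        return record
    record.update(verdict="allow", rules_hit=hits_in + hits_out,
                  request=clean_req, response=clean_resp)
    return record


def fake_claims_server(tool: str, request: str) -> str:
    """Constructed stand-in for a claims-system MCP server returning raw NPI."""
    return json.dumps({"claimant": "J. Doe", "ssn": "123-45-6789",
                       "phone": "555-123-4567", "email": "j.doe@example.com",
                       "policy": "POL-00012345", "status": "open"})


if __name__ == "__main__":
    ok = govern_call("claims-triage", "agent:triage-01", "claims.get",
                     '{"claim_id": "C-42"}', fake_claims_server)
    print(json.dumps(ok, indent=2))
    denied = govern_call("claims-triage", "agent:triage-01",
                         "claims.approve_payout", "{}", fake_claims_server)
    print(denied["verdict"], denied["reason"])
```

Two things in this sketch are worth carrying into any real gateway design. First, there are two separate fail-closed paths: a tool that is absent from the policy is denied (not merely unlisted tools, but any lookup miss, including an unknown team), and an exception inside the detector blocks the call rather than silently passing the raw payload through. Second, the audit record stores the sanitized request and response, so the log that later reaches the SIEM and the examiner already reflects the minimization the rules applied.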

Why Usercentrics

Every framework above converges on documentation, purpose limitation, lawful access, and auditability — the primitives a consent platform already thinks in. MCP Manager is built by Usercentrics, Europe’s largest consent management platform, which has spent years as the trusted control layer for how consented data is used on the web — billions of consent signals every month across 100+ countries. For a buyer whose entire AI problem is “can I prove this is governed and fair?”, a compliance company is a more natural custodian of the AI control plane than a generic infrastructure startup, and the institutional backing gives the insurer a durable vendor behind its AI governance. The platform runs inside Usercentrics’ own audited cloud and security program — review its posture at the Usercentrics trust center.

Further reading

Cybersecurity & Threat Intelligence

The next industry page — the agentic SOC without the new attack surface.

Feature governance

Fail-closed allowlists, tool provisioning, and tool-change protection.

Audit & observability

What every call records and how the evidence trail is built.

Export to SIEM

Forward structured logs to your own monitoring backend.

External sources

NAIC — Artificial Intelligence

The Model Bulletin and AI Systems Evaluation Tool.

NYDFS Circular Letter 2024-7

Use of AI and external consumer data in insurance underwriting and pricing.

Colorado DOI — AI / ECDIS

Colorado’s rules on external data and predictive models.

EU AI Act — Regulation (EU) 2024/1689

High-risk obligations covering life and health insurance pricing (Annex III).