California moves to mandate climate, cybersecurity and AI stress tests for insurers amid solvency worries

California proposes regs requiring insurers to report climate and AI risk scenarios

California is moving to require carriers to model how long-horizon threats like climate change, cybersecurity events, and AI failures could affect capital needs and solvency. The goal is simple: reduce blind spots before they turn into balance sheet problems.

If you write business in the state-personal or commercial lines, homeowners', property, or reinsurance-expect tighter expectations around forward-looking risk analysis and board-level oversight.

What the proposed rules are expected to require

• Scenario modeling across multiple threats: Climate (e.g., wildfire, heat, flood), cyber (systemic outages, ransomware waves), and AI (model error, bias, data leakage, fraud amplification).
• Capital planning on multi-year horizons: Move beyond short planning cycles to test long-term solvency under adverse paths and compounding shocks.
• Governance and documentation: Clear ownership, controls, and validation for inputs, models, and assumptions. Board visibility and sign-off.
• Regulatory reporting: Submission of methodology, scenarios, and results to the California Department of Insurance (CDI), with periodic updates.

Why it matters

Loss volatility in California is no longer limited to a single peril or season. Wildfire frequency, secondary perils, cyber accumulation, and AI-driven operational risks now overlap. Capital that looks adequate on a one-year view can look thin over a decade.

Regulators want carriers to prove they can withstand low-probability, high-severity paths-not just typical years. Expect the results to influence reinsurance strategy, retention levels, and rate filings.

Practical steps to get ahead

• Stand up a cross-functional workstream: Actuarial, cat modeling, ERM/ORSA, cyber, data/AI, claims, legal, and reinsurance.
• Map exposure and data gaps: Geospatial property data, supplier/TPA dependencies, cloud concentration, model inventory for AI in underwriting and claims.
• Build a scenario library: Include historical analogs and forward-looking narratives; cover compounding events and duration risk (multi-year stress).
• Quant + qual: Use vendor and internal models, but pair with expert overlays where models are thin (e.g., correlated cyber-cat, AI operational risk).
• Reverse stress testing: Identify failure conditions for capital or liquidity; trace back to controls, reinsurance, and pricing actions.
• Tighten governance: Model validation, assumption change logs, and board reporting cadence aligned with ORSA.
• Reinsurance alignment: Test retentions, aggregate covers, and reinstatement structures under your worst-but-plausible scenarios.

Scenario ideas to pressure-test

• Climate: Three consecutive severe wildfire seasons; prolonged heat waves with grid strain; flood following burn scars.
• Cyber: Multi-week cloud outage impacting policy admin and claims; widespread ransomware on SMB commercial clients; systemic third-party vendor compromise.
• AI: Underwriting model drift leading to adverse selection; automated claims triage error increasing leakage; regulatory penalties from inadequate AI controls.
• Compounding: Wildfire season followed by cyber disruption during CAT response, delaying claims and driving LAE escalation.

Implications for lines and markets

• Personal and homeowners': Exposure concentration and mitigation assumptions will face scrutiny; premium adequacy and non-renewal strategies must tie back to scenarios.
• Commercial lines: SME cyber accumulation, contingent business interruption, and liability from AI use by insureds can move the tail.
• Property insurers: Expect emphasis on secondary peril modeling, home hardening credits, and clarity on aggregation controls.
• Reinsurers and reinsurance buyers: Higher cedant retentions seen recently may persist if scenarios show spillover loss potential; structured solutions and aggregates will be re-examined.

Compliance tips

• Anchor to familiar frameworks: Align your narrative and metrics with ORSA and climate disclosure practices to avoid reinventing the wheel.
• Be explicit about uncertainty: Document model limits and expert judgment; show how you've bracketed the risk.
• Connect to action: Link findings to capital plans, reinsurance purchases, underwriting appetite, and rate indications.
• Keep it auditable: Version control, reproducible runs, and clear references for data sources and parameters.

What's next

The proposal will move through rulemaking and public comment before final timelines are set. Track updates directly from the regulator and prepare a draft internal submission now, so you can iterate once technical specs are published.

California Department of Insurance | NAIC ORSA overview

Team enablement

Your risk, actuarial, and data teams will need shared language on AI model risk and scenario design. If you're building those skills in-house, these resources can help:

• AI Certification for Data Analysis for analytics leaders formalizing controls and documentation.
• Courses by Job to curate training paths for underwriting, claims, and risk functions.

Bottom line: California wants proof that carriers can see around corners. Start building a scenario program that ties directly to capital, reinsurance, and pricing decisions-and make it defendable.