What auditable underwriting decisions with an AI layer means
Auditable underwriting decisions with AI are automated subscrição (underwriting) decisions where every quote, decline, or escalation returns the full reasoning behind it, written back to the quote as a structured, inspectable record. This matters to any insurer in Brazilian Seguros e Danos (P&C, property and casualty) that wants to automate the quotation journey without losing the ability to reconstruct why a given risk was priced, refused, or surcharged. The mechanism is explainability plus a complete audit trail, calibrated to the insurer's own risk policy, not a promise of perfect prediction.
The reason this is the central objection from underwriting leaders is simple. The manual journey is itself poorly auditable. A submission can arrive by e-mail, broker portal, spreadsheet, PDF, or messaging app, and underwriters re-key data, chase brokers for missing information, and apply judgment that varies between people and between days. When a decision is later questioned by an auditor, a regulator, an ombudsman (ouvidoria), or the corretor (broker), the rationale usually lives in inboxes and memory rather than in a structured, queryable form. An external AI layer does not introduce the audit gap. Done correctly, it is the first time the insurer holds a decision by decision record of the entire underwriting journey.
WIR is the AI layer of insurance built for exactly this posture. It sits on top of the insurer's existing core and pricing systems, reads and structures each submission, scores the risk against the insurer's models, and returns a recommendation together with the reasons that produced it. It never replaces the core and never carries risk. The point of an auditable layer is that an underwriter, an auditor, or a regulator can read one record and follow the path from raw submission to final action.
How each decision produces an explanation and audit trail
Nothing happens to a submission that is not recorded. The journey runs in six stages, and each stage emits audit artifacts rather than only an output, so the trail is built continuously instead of reconstructed after the fact.
The journey begins with multichannel intake. A submission arrives by API, broker portal, or upload in the format the insurer already uses, and the layer records the source channel, the timestamp, a hash of the raw document, and the broker identity. Intelligent document reading follows, where unstructured PDFs, spreadsheets, and forms are read and structured by Machine Learning extraction, and the layer logs each extracted field with its confidence score, a link back to the source location in the original document, and the model version used. Broker enrichment and scoring come next, flagging and filling missing fields and scoring the submission for completeness, while recording what was missing, what was enriched, and from which source.
The risk and fraud engine then scores the risk against the insurer's models and fraud signals, and this is where explainability does most of its work. The record captures the features used and their values, the model version, the resulting score, and the contribution of each feature to that score. Dynamic pricing calculates a risk-adjusted premium (prêmio) against the rate tables and risk appetite, writing back the rating factors applied, the base rate, the loadings and discounts, the final premium, and the rule that produced each component. Finally the decision and prioritization stage recommends an action calibrated to the underwriting manual, recording whether it auto-decided or escalated to a human, the threshold and rule that triggered the action, and the human's final action with any override reason.
The design choice that makes the decision auditable is that this full trail is written back together with the decision and attached to the quote. The record is immutable and queryable, which turns the model decided into here is exactly why the model recommended this, what rule applied, and who confirmed it. Borderline or out of appetite risks escalate to a human rather than being forced through. WIR never describes the engine as infallible or perfectly accurate. The mechanism is traceability and human escalation on low confidence cases, not flawless prediction.
How to deploy explainability as an external layer
Deploying the layer is a contained, auditable sequence rather than a core migration. The insurer keeps its core and its underwriting manual, and the layer is calibrated to that manual instead of imposing a generic model. WIR's commercial model treats this as a fixed-scope Setup that runs 3 to 12 months, covering automations, integrations, tests, and go-live adjustments, with KPIs agreed before the work starts, followed by continuous operation after go-live.
The sequence starts by scoping one or two lines (ramos) where submission volume and SLA pain are highest, commonly patrimonial (property) or a transport and cargo line, and defining what auto-decide versus escalate means for each ramo. Integration with the core comes next, connecting by API so recommendations and audit records flow into the existing system of record while the core stays authoritative. There is no data migration and no IT project the insurer's own team has to run. Calibration to the underwriting manual and risk appetite then encodes the insurer's rules, thresholds, exclusions, and appetite into the layer, and this is where escalation thresholds are set so borderline or out of appetite risks always reach a human.
Before the layer influences anything, it runs in shadow mode against historical and live submissions, comparing its recommendations to underwriter decisions. This validates the calibration and produces the first audit dataset. Go-live then starts with the layer recommending and humans confirming, widening the auto-decide band only as confidence and audit evidence accumulate. From there the layer runs in continuous operation, monitoring drift, reviewing escalations, and recalibrating as the manual and appetite change, with every recalibration itself versioned and auditable. Because the layer is external and writes structured records back, every recommendation stays independently inspectable without touching the core's data model.
Governance, explainability, and LGPD
Governance rests on three pillars: an explanation on each decision, the audit trail written back, and calibration to the insurer's own risk policy, all under LGPD and SUSEP supervision. Every recommendation carries which features drove the risk score, which rule triggered the quote, decline, or escalation, and which rating factors set the premium, so a single decision record can be read and understood without reverse engineering a black box. This is a hard requirement rather than a refinement, because Brazil's Lei Geral de Proteção de Dados, the Lei nº 13.709/2018 (LGPD), governs the personal data inside underwriting submissions.
Two LGPD anchors apply directly. Under the right to review of automated decisions, the data subject can request review of decisions taken solely on automated processing that affect their interests, and the controller must, when requested and subject to commercial and industrial secrecy, give clear and adequate information about the criteria and procedures used. In practice this means a declined or surcharged applicant can ask why, and an explainable, auditable layer is what makes that answer possible. The LGPD security principle requires technical and administrative measures to protect personal data, which here means encryption in transit and at rest, access control, and logging at every step from intake through decision write-back. The Autoridade Nacional de Proteção de Dados (ANPD) supervises LGPD compliance and has issued guidance relevant to automated processing and security incidents.
The audit trail is what operationalizes this. For every decision the layer writes back, attached to the quote, the inputs and their source, the document extraction confidence, the model and rule versions, the features and their contributions, the price components, the recommended action, the escalation status, and the final human action with any override reason. The record is immutable and queryable, and data is encrypted at every step. Calibration keeps governance with the insurer. The model is calibrated to the insurer's own underwriting manual and risk appetite, the insurer sets the auto-decision and escalation thresholds, and the layer enforces that policy consistently while recording every application of it. None of this promises infallible decisions. It makes errors traceable and reviewable rather than claiming to eliminate them.
This posture also strengthens the insurer in front of its supervisor. SUSEP supervises P&C market conduct, solvency, and consumer treatment, and expects insurers to retain records that justify underwriting and pricing decisions. A layer that writes a structured, explainable record for every decision reinforces, rather than weakens, the insurer's position in a SUSEP inspection or an ouvidoria dispute. Read more about the Brazilian P&C market in the WIR insurance market intelligence guide.
How WIR makes underwriting decisions auditable
WIR is the AI layer of insurance, an external AI platform that sits on top of the insurer's existing systems and automates the quotation and underwriting journey according to the insurer's own risk-acceptance policy. It is 100% external, with no core migration and no load on the insurer's IT. Its Machine Learning is calibrated to the insurer's risk appetite and underwriting manual, every decision is explainable and returns a full audit trail, and data is encrypted at every step and LGPD compliant. WIR is not an insurer, a broker, or an MGA, and it does not carry risk.
Two modules carry this in production. Underwriter Intelligence automates the quotation journey per the insurer's risk policy so underwriters spend their time on risk analysis and business development, with real-time ML scoring calibrated to appetite, automatic routing by appetite and exposure, and predictive conversion analysis by product, risk, and broker. Smart Sales is the distribution intelligence module, mapping the portfolio by client and product, scoring upsell and next best action, and running multi-channel campaigns with an attribution trail so penetration and retention grow together. Real-time dashboards give a proactive view of in-flight deals and the underwriter queue.
Founded in 2025 by a team united between São Paulo and Silicon Valley and built with Mahway and Avante, WIR is in execution on its first POC with a global insurer in the Transport line. That is the only traction WIR claims here. The Brazilian Seguros e Danos market grows double digits per year while company structure does not keep pace, which is the pressure an explainable, auditable layer is built to relieve. The mechanism is consistent: the AI layer for insurance, on top of the systems the insurer already runs, never in their place, with every automated decision explainable, auditable, encrypted at every step, and LGPD compliant.
Frequently asked questions
Does every automated decision come with an explanation?
Yes. Every quote, decline, or escalation returns the features, rules, and rating factors that produced it, written back to the quote. WIR sits as an external AI layer on top of the insurer's core, so each decision record shows which features drove the risk score, which rule triggered the action, and which factors set the premium. This is explainability by design, not a promise of perfect prediction.
Is the audit trail complete and exportable?
Yes. WIR writes back a complete, immutable, and queryable record for every decision, attached to the quote. The trail captures inputs and their source, document extraction confidence, model and rule versions, feature contributions, price components, the recommended action, escalation status, and the final human action with any override reason. Because the layer is external and writes structured records, each decision stays independently inspectable for auditors, regulators, and the ouvidoria without touching the core.
How does the model stay calibrated to the underwriting manual?
WIR's Machine Learning is calibrated to the insurer's own underwriting manual and risk appetite, not a generic model. During the fixed-scope Setup of 3 to 12 months, the insurer's rules, thresholds, exclusions, and appetite are encoded into the layer, then validated in shadow mode against historical and live submissions. The insurer sets the auto-decide and escalation thresholds, and every recalibration is itself versioned and auditable as the manual changes.
Is data encrypted and LGPD compliant?
Yes. Data is encrypted in transit and at rest at every step, with access control and logging from intake through decision write-back, fully LGPD compliant. This supports the LGPD right to review of automated decisions, so a declined or surcharged applicant can ask why and receive clear information about the criteria used. WIR is an external AI layer that never carries risk and never replaces the insurer's core.
Can the AI escalate the decision to a human underwriter?
Yes. Borderline or out-of-appetite risks escalate to a human underwriter rather than being forced through. The insurer sets the escalation thresholds during calibration, and the layer records whether it auto-decided or escalated, the rule that triggered it, and the underwriter's final action with any override reason. WIR never describes its engine as infallible. The mechanism is human escalation on low-confidence cases plus a full audit trail.