What does Vortic actually do for an underwriter?

Vortic takes a broker submission — PDF, email, spreadsheet — and returns a fully cited underwriting memo in under 30 seconds. Insured details extracted and reconciled, postcode pulled to flood zone, loss history surfaced, TIV sanity-checked across line items, pricing benchmarked, treaty utilisation projected, compliance red-flags raised. The underwriter reads the memo and clicks bind, decline, refer, or query. Judgment stays with the human. The lookups go to the system.

What underwriting lines does Vortic support?

Today: commercial property and casualty across the US and UK, including US E&S coastal, retail commercial, program business, and Lloyd's coverholder books. Specialty lines (cargo, professional liability, construction, cyber) are supported with custom agent prompts during onboarding. We do not currently target retail personal lines.

How long does onboarding take?

Two weeks from contract to first live submission for a typical MGA. Week one: connect data sources (broker email inbox, existing book of bound risks, treaty programme). Week two: tune the risk agent against your appetite, adjust the memo template, set role permissions, train the team on Command Center.

How does Vortic handle data we cannot send to third-party LLMs?

Three layers. PII redaction before any model sees the submission — insured names, broker emails, postcodes are masked in the audit log by default. You choose which ground-truth lookups (flood, postcode, FEMA NFIP) join the prompt per-agent. Enterprise customers can route the platform to their own private LLM deployment so no inference traffic leaves the VPC.

How do you ensure the AI does not hallucinate flood zones, loss history, or pricing?

Ground-truth blocks. For factual claims — flood zone, ZIP/postcode, sanctions, regulatory thresholds — Vortic injects verified data from the source (FEMA NFIP, NOAA HURDAT2, OFAC SDN, postcodes.io, your loss-history database) directly into the prompt and instructs the model to cite or refuse. The memo carries explicit citations back to the source. If a lookup fails, the memo says "no data" instead of guessing.

What audit trail does the platform keep for compliance?

Every model call is logged with the prompt version, model used, tokens consumed, latency, and structured output. Every memo cites its sources. Every decision (bind / decline / refer / query) is captured immutably with the underwriter, the rationale, and the agent outputs at that moment. Designed against NAIC model governance bulletins and Lloyd's coverholder oversight from day one. The full audit table is exportable for state DOI or PRA submission.

How does Vortic integrate with our existing systems?

Inbound: a webhook endpoint where brokers (or your own broker portal) can POST submissions directly into your queue, authenticated with a bearer key. Outbound: HMAC-signed event webhooks fire on every bind / decline / refer to your policy admin system, treaty platform, or finance ledger. CSV import is available for bringing existing bound books into Vortic for portfolio analysis.

How does the team and permissions model work?

Four roles per organisation: owner, admin, member, viewer. Owners manage billing and ownership; admins manage members and integrations; members run pipelines and bind; viewers see decisions but cannot execute. Email-invite flow with a 14-day token. A user can belong to multiple organisations.

How do credits and pricing work?

Pay-as-you-go. $5 free on signup. $0.10 per credit, $20 minimum top-up, credits never expire. A full underwriting pipeline (parse + eight specialists + memo) costs around 18 credits ≈ $1.80 per submission. Enterprise pricing available with SSO, dedicated CSM, and routing to private LLM deployments.

What happens if a regulator asks why a specific risk was bound?

Open the submission history page. It shows every agent that ran, the inputs they received, the outputs they produced, the prompt version active at that moment, and the underwriter's final decision with timestamp and rationale. The full chain reconstructs in seconds. Built for the moment of regulatory scrutiny, not against it.

How does Vortic compare to ChatGPT or general AI tools?

A general AI tool can read a PDF and summarise it. Vortic runs specialist agents in coordinated parallel, grounds each one against verified data sources (EA, FEMA, postcodes.io, your loss-history), produces an underwriter memo with structured citations, sits behind a human bind gate, and logs every call for the regulator. Different problem, different posture.

Does Vortic replace underwriters?

No. Vortic automates extraction, ground-truth lookups, specialist analysis, and memo drafting. Underwriters retain judgment on bind, decline, refer, conditions, and broker conversations. Agents propose; humans dispose; the audit trail captures everything.

How fast can Vortic analyze a broker submission?

A typical full agentic pipeline run—including PDF parsing, parallel specialists (risk, flood, pricing, compliance, treaty, portfolio), and memo synthesis—completes in roughly 20–30 seconds end-to-end with streaming updates. Actual latency varies by document complexity and model routing.

Who should request access to Vortic?

Teams that bind commercial risks on delegated authority—MGAs, Lloyd's coverholders, binding-authority underwriters, wholesale brokers needing faster quote-back, carriers overseeing delegated partners, and reinsurers monitoring treaty utilisation. Early access is invite-only; use the signup form to describe your book and workflows.

Why use agentic underwriting instead of a single AI chatbot?

Specialist agents each have a narrow contract, dedicated prompts, and traceable outputs; they can run in parallel before synthesis into one memo. That yields faster bind-ready decisions, clearer citations to external data (flood, firmographics, market benchmarks), and an audit trail regulators expect—versus one opaque assistant thread.

Back to all posts

May 11, 2026·11 min read·Vortic team

Compliance software for MGAs: a guide to verified accuracy

How MGAs should evaluate compliance software in 2026. The difference between a sanctions screen, a verified-accuracy compliance layer, and a regulator-grade audit pack — and what to demand from any vendor.

TL;DR

"Compliance software" sold to MGAs in 2026 spans three completely different categories — sanctions screening, appetite-policy enforcement, and audit-grade decision tracing. Most vendors do one. The few that do all three are the ones a state-DOI inquiry won't blow up.

The three jobs MGA compliance software actually does

### Job 1 — Sanctions / KYC screening

Match the insured (and broker, and UBO) against OFAC SDN, EU consolidated, UK HMT, UN, and PEP lists. Flag matches above a configurable score threshold. Return a verifiable record of the screen.

Verified accuracy here means:

The exact list version and date the screen was run against
The score for each near-match
A linkable record on the source registry (e.g. the OpenSanctions entity URL)

If your vendor returns "no match" without showing you the list version, the score, and the source — you don't have verified accuracy. You have a green checkmark.

### Job 2 — Appetite / regulatory rule enforcement

Apply the MGA's underwriting authority and any state-by-state regulatory constraints. Flag when a submission falls outside delegated authority, requires senior referral, or hits a regulatory carve-out (admissibility, surplus lines tax, state DOI filings).

Verified accuracy here means:

The rule that fired is named explicitly
The rule's source (the underwriting agreement, state regulation, internal appetite memo)
The version of the rule at the moment the decision was made
An auditable record of any underwriter override, with notes

### Job 3 — Audit-grade decision tracing

For every bind / decline / refer / query, the MGA must be able to answer a regulator's "show me the reasoning" question with an exportable record. This isn't a log file — it's a structured pack: prompt versions, model outputs, citations, agent ratings, underwriter notes, timestamps.

Verified accuracy here means:

The decision is reproducible from the inputs alone
Every external data lookup (flood zone, sanctions, firmographics) has a provenance entry
Every LLM call has a model name, prompt hash, and token count stored immutably
Every underwriter override is captured

Why "verified accuracy" is the new bar

State DOIs and Lloyd's coverholder oversight have both raised the bar in 2025–26. The expectation now is:

Every decision is explainable without the underwriter being in the room
Every external claim ("the flood zone is X") is traceable to a source
Every model output is versioned so old decisions can be re-played against the prompt of the day
Every override is logged with a rationale

If a vendor demos compliance as "we screen the insured against OFAC" — they're solving 1 of the 3 jobs. Don't sign yet.

How to evaluate compliance vendors

A 30-minute demo question list:

1. Show me a real screen result. Not a marketing slide. A real result with score, list version, source URL, and timestamp. 2. Walk me through the audit pack for a specific bound risk. Show me the prompt versions, model outputs, citations, override history. 3. What happens when an external API (OpenSanctions, FEMA NFHL) fails? A real platform has a documented failure mode. A toy platform crashes silently. 4. Show me how a rule version is captured. Add a new appetite rule live in the demo. Show me the diff. Show me where it's stored. Show me how an old decision references the old version. 5. Export an audit pack to PDF. If they can't, they can't answer a state-DOI inquiry either.

If a vendor flinches at #4 or #5, they don't have verified accuracy.

The most common failure modes

Failure 1 — LLM-only sanctions check. The vendor asks the LLM "is this entity sanctioned?" The LLM hallucinates "no" and the audit trail is a chat log. This will not survive an inquiry.

Failure 2 — Snapshot-only audit. The vendor stores "the answer" but not the inputs, prompt version, or external-data state at the moment of decision. Regulator asks for re-play; you can't.

Failure 3 — Hardcoded rule library. The vendor ships a fixed appetite library that the MGA can't edit. Six months in, the rules drift from your actual underwriting authority. Audit fails.

Failure 4 — No PII redaction. Insured names and broker emails leak into model traces. Disclosable. Embarrassing.

What a verified-accuracy compliance stack looks like

Concretely:

Sanctions: OpenSanctions consolidated dataset (OFAC SDN, EU, UN, UK HMT, PEPs), SEC EDGAR for public-filer corroboration, Wikidata for adverse-media seed. Scored matches. Linkable provenance.
Appetite enforcement: Per-MGA editable rule library. Rules versioned, diff-able, rolled back. Override audit trail per submission.
Decision tracing: Per-step LLM prompt + output + token usage stored. External-data lookups timestamped + provenance-tagged. Underwriter overrides captured with rationale. Exportable to PDF / regulator format.
PII handling: Insured names, broker emails, financial account numbers redacted in agent traces by default. Optional un-redacted view behind RBAC.

How Vortic ships this

Live OpenSanctions screen on every submission (Integrated Data tab)
Live SEC EDGAR + Wikidata cross-checks for the insured
Per-agent prompt versioning + diff
Per-step audit trace stored in agent_traces (immutable)
Provenance footer on every external data lookup (FEMA NFHL, NOAA, USGS, etc.)
Override capture with notes
Decision PDF export on every bind/decline/refer/query

This isn't optional in our stack — it's the default.

Closing thought

If "compliance software" doesn't give you verified accuracy across all three jobs — sanctions, appetite, audit tracing — it's a marketing label, not a compliance stack. Build your evaluation around the five demo questions above. Walk if a vendor can't answer them.

complianceMGAsanctionsauditregulatory

Compliance software for MGAs: a guide to verified accuracy

TL;DR

The three jobs MGA compliance software actually does

Why "verified accuracy" is the new bar

How to evaluate compliance vendors

The most common failure modes

What a verified-accuracy compliance stack looks like

How Vortic ships this

Closing thought

Best LLM for underwriting in 2026 — a practical comparison

Underwriting rule customization & risk scoring: how AI platforms compare