Cyberax AI Playbook
cyberax.com

Insurance policy portfolio review

If you handle insurance for a growing company, the annual renewal cycle catches most teams flat-footed. This pipeline extracts coverage details from every active policy — limits, deductibles, exclusions, named insureds, renewal dates — and surfaces gaps and overlaps before your broker sends you a proposal you don't have the context to evaluate.

At a glance
Last verified: May 2026
Problem solved: Extract coverage details from every active insurance policy — limits, deductibles, exclusions, named insureds, renewal dates — and surface gaps, overlaps, and exposure areas so finance and legal can negotiate from data rather than from the broker's narrative
Best for: Finance teams, founders managing a growing insurance portfolio, ops leads preparing for annual renewal, risk managers at companies past series A
Tools: Claude, GPT-4o, Gemini, Embroker, Newfront, Vouch, AWS Textract
Difficulty: Intermediate
Cost: $0.10–$0.50 per policy extracted (one-time) → $10–50/month (ongoing pipeline, depending on portfolio churn)
Time to set up: A week for the initial portfolio scan; 1 month for the full alerts + gap-analysis layer

If you are a founder, finance lead, or ops lead at a growing company, your insurance portfolio is one of the few areas of spend where you are structurally disadvantaged. Policies are written in dense legal language. The broker is paid by the insurer or by your premium volume, so interests don’t fully align. The renewal cycle pressures you to accept the proposal because the alternative is being uninsured for a week.

The result is a portfolio with overlapping coverages (general liability and product liability covering the same risks), gaps that surface during a claim (“turns out our cyber policy excludes exactly the kind of breach we just had”), and premiums that have grown 30% year over year without anyone fully understanding why.

The fix is to move policy reading away from “ask the broker” and into structured analysis you can review independently. An LLM — the technology behind ChatGPT, Claude, and Gemini — pulls the key terms from every active policy. A gap-and-overlap analysis surfaces the issues. The renewal conversation starts with data rather than with the broker’s PDF.

This piece walks through the pipeline: the extraction schema, the gap-finding logic, the exposure-mapping pass that catches risks the existing policies don’t cover, and the renewal-prep workflow that turns the annual cycle from reactive into informed.

When to use

Where this fits — and where it doesn't

Use this if you have 5+ active insurance policies (general liability, D&O, E&O, cyber, workers’ comp, property, EPLI, etc.), your annual premium spend is meaningful, and the renewal conversation typically happens on the broker’s timeline rather than yours. Common fits: companies past series A, services businesses with E&O exposure, tech companies with cyber and D&O policies, organisations with significant property or workers’ comp.

Don’t use this if your portfolio is one or two simple policies (manual review is faster), you’ve delegated insurance entirely to a fractional CFO or CFO-as-a-service who handles this (their process probably already covers it), or your business has truly bespoke risk (high-end specialty insurance) where the policies are unique enough that pattern-extraction is less useful than direct legal review.

Prerequisites

What you'll need before starting

  • The active policy documents — PDFs from your broker or directly from carriers. Most brokers will send the full policy if asked; declarations pages alone aren’t enough for gap analysis.
  • A model API key with long-context support — insurance policies are typically 30–80 pages, occasionally longer.
  • A list of major exposures your business actually has: revenue, employee count, geographic operation, technology platforms, products / services, regulated activities. The gap analysis compares coverage against actual exposure; without the exposure list, gaps are theoretical.
  • An adviser or fractional CFO / risk manager who can validate the AI’s gap findings. The AI is an extraction and analysis layer; the judgement on which gaps matter remains human and benefits from someone with insurance domain knowledge.

The solution

Six steps to a portfolio you actually understand

  1. Extract coverage details with structured output — every policy, the same schema

    For each policy, extract: policy type (GL, D&O, E&O, cyber, etc.), carrier, policy number, effective dates, named insureds, coverage limits (per occurrence, aggregate, sublimit by category), deductibles / retentions, key exclusions, endorsements / riders, premium, renewal date, notice-of-cancellation window. Use the structured-output features of your LLM API. Using the same schema across all policies makes the cross-policy comparison possible; bespoke per-policy extraction makes the analysis impossible to consolidate.

  2. Pull exclusions explicitly — that’s where the gaps live

    Exclusions are the most operationally important section of every policy and the most commonly skipped. For each policy, extract the exclusion list with verbatim text. Common patterns to look for: war / terrorism exclusions, pandemic exclusions (post-2020 some policies added these), specific cyber-attack types excluded from cyber policies (social engineering, wire fraud), employment-practice exclusions on D&O policies. The exclusion list is what tells you what the policy doesn’t cover; the limits tell you the boundary, the exclusions tell you the holes.

  3. Build the coverage matrix — policy type × risk category

    From the extracted data, build a matrix: rows are risk categories (bodily injury, property damage, intellectual property, employment practices, cyber breach, professional liability, etc.); columns are your policies; cells show which policy covers each risk (and the limits / sub-limits). The matrix makes overlaps visible (two policies covering the same risk with limits that don’t combine usefully) and gaps visible (a risk category with no policy coverage at all). A visual matrix beats narrative analysis; the matrix is what the renewal conversation references.

  4. Run the gap analysis — exposure vs coverage

    For each major exposure in your business, check the matrix: is there coverage? Is the limit adequate for your scale? Are there exclusions that materially limit the coverage? Common gap findings: a tech company with no cyber breach-response coverage; a services company with E&O limits below the value of typical engagements; a company in multiple states whose workers’ comp lists only one state. The gap analysis surfaces these; the validation pass with the adviser converts findings into renewal asks.

  5. Generate the renewal-prep document — gaps, overlaps, questions for the broker

    Before each renewal, produce a structured doc: identified gaps (here’s the exposure, here’s the missing coverage), identified overlaps (these two policies seem to cover the same risk, can we consolidate?), specific questions for the broker (the cyber policy excludes social engineering — what’s the cost to add that coverage?), and a benchmark of last-year coverage vs this-year proposal. The doc is the renewal conversation’s input; you walk into the meeting with the broker armed with specific questions rather than a vague sense of what’s wrong.

  6. Track changes year-over-year — premiums, limits, exclusions

    At each renewal, store the extracted policy alongside the prior year’s. Build a year-over-year comparison: premium up X%, limit changed from Y to Z, new exclusion added. The comparison catches the silent erosions — limits that crept down, exclusions that quietly expanded, premiums that went up without a corresponding coverage upgrade. Brokers occasionally surface these; sometimes they don’t. Year-over-year tracking is what makes the renewal cycle accumulate knowledge rather than start from zero each year.
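
Steps 3, 4 and 6 above, sketched as an added Python example (not code from the original page). The records are constructed samples in the step 1 schema; the field names, risk-category keys and exposure thresholds are assumptions, and the sketch assumes one policy per policy type.

```python
from collections import defaultdict

# Constructed sample records in the shape step 1 describes (field names are assumptions).
POLICIES = [
    {"policy_type": "GL", "premium": 12000, "exclusions": ["professional services"],
     "coverage": {"bodily_injury": 1_000_000, "property_damage": 1_000_000}},
    {"policy_type": "Cyber", "premium": 20000,
     "exclusions": ["social engineering", "wire fraud"],
     "coverage": {"cyber_breach": 2_000_000}},
    {"policy_type": "Property", "premium": 8000, "exclusions": [],
     "coverage": {"property_damage": 500_000}},
]
# Constructed exposure list: risk -> (minimum limit wanted, exclusion terms that hollow it out).
EXPOSURES = {
    "cyber_breach": (1_000_000, ["social engineering"]),
    "professional_liability": (1_000_000, []),
    "property_damage": (1_000_000, []),
}

def coverage_matrix(policies):
    """Step 3: risk category -> {policy type: limit}."""
    matrix = defaultdict(dict)
    for p in policies:
        for risk, limit in p["coverage"].items():
            matrix[risk][p["policy_type"]] = limit
    return dict(matrix)

def gaps_and_overlaps(policies, exposures):
    """Step 4: compare each exposure against the matrix and the verbatim exclusions."""
    matrix, findings = coverage_matrix(policies), []
    by_type = {p["policy_type"]: p for p in policies}
    for risk, (needed, bad_terms) in exposures.items():
        cover = matrix.get(risk, {})
        best = max(cover.values(), default=0)  # 0 means no policy covers the risk
        if best < needed:
            findings.append((risk, f"gap: best limit {best} below {needed}"))
        if len(cover) > 1:
            findings.append((risk, "overlap: " + ", ".join(sorted(cover))))
        for ptype in cover:
            for term in bad_terms:
                if any(term in e.lower() for e in by_type[ptype]["exclusions"]):
                    findings.append((risk, f"exclusion: {ptype} excludes {term}"))
    return findings

def year_over_year(prior, current):
    """Step 6: premium change and exclusions added since the prior term."""
    pct = round(100 * (current["premium"] - prior["premium"]) / prior["premium"], 1)
    added = sorted(set(current["exclusions"]) - set(prior["exclusions"]))
    return {"premium_change_pct": pct, "new_exclusions": added}
```

Each finding is a (risk, message) pair, which maps directly onto the gaps, overlaps and broker questions in the step 5 renewal-prep document.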

The numbers

What it costs and what to expect

Per-policy extraction cost: $0.10–$0.50 per policy depending on length
One-time portfolio scan cost (8 policies): $1–$5 typical
Extraction accuracy on standard fields (limits, dates, deductibles): 94–98% on most policy types
Extraction accuracy on exclusions (more variable language): 85–92% — humans should review extracted exclusions for material policies
Typical gap findings in a first-time portfolio review (8-policy company): 2–5 material gaps that surprise the founder or CFO
Typical overlap findings: 1–3 overlaps where coverage is duplicative and could be consolidated
Premium savings opportunity (case-by-case): Sometimes material (5–15%); sometimes the right finding is "increase coverage" not "decrease premium"
Time saved per renewal cycle: 5–15 hours of finance + legal time per year
Time to first portfolio review: 1 week for the initial scan and gap analysis
Ongoing maintenance: Per-renewal re-extraction; annual portfolio sweep

The gap-and-overlap findings are the operational value. The premium savings are a bonus when they materialise; the strategic value is having an informed conversation with the broker about your actual risk profile.

Alternatives

Other ways to solve this

Modern digital insurance brokers (Embroker, Newfront, Vouch, Founder Shield). Increasingly bundle policy-portfolio dashboards that show coverage at a glance. Right answer if you’re working with a modern broker that provides this transparency. Trade-off: the dashboard reflects the broker’s view, which is helpful but not independent.

Hire a fractional risk manager or insurance consultant. For one-time portfolio reviews or pre-renewal analysis. Insurance domain expertise is genuinely valuable; the AI extraction layer complements rather than replaces it. Many teams do this annually pre-renewal as a check on the broker’s proposal.

Trust the broker, review by exception. The traditional approach. Works when the broker is excellent and aligned with your interests; less reliable as a default. Best paired with a periodic independent review (every 2–3 years if not annually) to catch drift.

Don’t review — accept whatever the broker proposes. Honest answer for very-early-stage companies where the portfolio is small and the premium spend is modest. Becomes increasingly indefensible as portfolio and premium grow; the threshold to invest in informed review is usually around $50K–$100K annual premium spend.

What's next

Related work

For the broader contract-extraction pattern this builds on, see Contract review and clause extraction. For tracking renewal dates across the portfolio, see Lease and vendor renewal tracking. For the document-extraction pattern that powers the policy text extraction, see Extract structured data from PDFs. For the broader risk-and-compliance lens, see AI risk assessment for legal and compliance teams.

Common questions

FAQ

Should we trust AI extraction for something as legally consequential as insurance coverage?

The AI handles extraction, not legal interpretation. The structured data (limits, dates, named insureds, deductibles) extracts reliably; the legal meaning of specific exclusion language is something to validate with a human reviewer (broker, lawyer, fractional risk manager). The pipeline produces a structured starting point; it doesn't replace human review on material policies. Treat the output as a draft analysis, not a final opinion.

What if our policies have endorsements and riders that change coverage substantially?

Extract endorsements alongside the base policy. The schema should explicitly include an "endorsements" array per policy, each with its own extracted fields. Modifications to the base coverage live in endorsements; missing them produces inaccurate analysis. The extraction prompt should be tuned to recognise the endorsement-vs-base-policy structure most insurance documents use.

How is this different from what a good broker should already be doing?

Functionally overlapping. A good broker proactively analyses your coverage and surfaces gaps. The reality is that broker quality varies; many brokers do good initial-placement work and less rigorous renewal-cycle analysis. The AI pipeline doesn't replace a good broker; it provides independent verification and the buyer-side analysis that informs the broker conversation. Teams with great brokers find the pipeline confirms what the broker already said; teams with mediocre brokers find the pipeline surfaces things the broker missed.

Can we use this for personal insurance — auto, home, umbrella?

Yes, the same pattern works. Personal insurance is usually simpler and less consequential than commercial, so the leverage is lower. For high-net-worth individuals with complex coverage (multiple properties, excess liability, art, watercraft), the analysis pays off. For typical personal portfolios, an annual review by your agent is usually sufficient.

What about international operations and multi-country policies?

Country-specific complexity is real. The extraction handles the document content fine; the analysis requires understanding which jurisdictions the policies actually cover, regulatory differences (e.g., cyber-disclosure requirements vary by country), and currency / limit-equivalence. For multi-country operations, the pipeline produces the raw extraction; the gap analysis benefits from a risk adviser familiar with the relevant jurisdictions.

Change history (1 entry)
  • 2026-05-13 Initial publication.