ReferralCiergePartner-enabled underwriting governance
Role

BRK-2026-0142

SME Technology Client

Broker Partner A · Technology / SaaS · Limit requested $5.0m

Awaiting Manager AuthoritymodifyActive role: Underwriter 1

Broker submission

What the platform received

Broker
Broker Partner A
Insured
SME Technology Client
Sector
Technology / SaaS
Carrier
Digital Specialty Insurer
Revenue band
USD 5m – 25m
Employee band
25 – 100
Coverage requested
Cyber Liability · Technology E&O · Ransomware Extension · Contingent Business Interruption
Risk controls summary
mfa coverage
partial — admin accounts only
backup segregation
unclear — broker note ambiguous
edr coverage
not stated
incident history
ambiguous answer to prior 36-month question
contractual liability
elevated — multiple downstream SaaS contracts

Automated referral flags

Why the platform did not bind

6 flag(s)
MFA_INCOMPLETE
MFA coverage incomplete — admin-only
HIGH
BACKUP_SEGREGATION_UNCLEAR
Backup segregation unclear
MEDIUM
EDR_EVIDENCE_MISSING
EDR evidence missing
HIGH
PRIOR_INCIDENT_AMBIGUOUS
Prior incident answer ambiguous
MEDIUM
CONTRACTUAL_LIABILITY_REVIEW
Contractual liability exposure — review required
MEDIUM
RANSOMWARE_OUT_OF_APPETITE
Requested ransomware wording outside normal appetite
HIGH

Underwriting assistant

Advisory note

Advisory only — no decision authority

Risk presents as a mid-market technology operator with partial cyber hygiene and an elevated contractual liability profile. Several declarations are incomplete or ambiguous and the requested ransomware extension sits outside the published appetite band. Recommend referral to underwriter with structured broker clarification before any indication of terms.

Missing information
  • — Confirmed MFA enforcement across all privileged and remote-access accounts
  • — Backup segregation architecture and immutable copy attestation
  • — EDR vendor, coverage percentage and 24/7 monitoring arrangement
  • — Clarification of prior cyber incidents in last 36 months
  • — Sample of largest 3 downstream customer contracts (liability caps and indemnities)
Suggested referral questions
  • Q1. Please confirm whether MFA is enforced for all privileged accounts AND all remote workforce access, including third-party administrators.
  • Q2. Provide architecture statement confirming backups are segregated from production identity / domain and include at least one immutable copy.
  • Q3. Confirm EDR vendor, the percentage of endpoints in scope, and whether monitoring is 24/7 in-house or via an external SOC.
  • Q4. Please clarify the prior incident question for the last 36 months — specifically whether any event involved data exfiltration, regulator notification, or ransom demand.
  • Q5. Provide the liability cap and indemnity profile for your three largest customer contracts to assess contractual exposure.
Appetite observations
  • — Requested ransomware extension exceeds the published appetite band for technology accounts at this revenue tier.
  • — Contractual liability profile suggests a sub-limit may be more appropriate than the requested aggregate.
Next best actions
  • — Issue structured broker clarification request (advisory — underwriter to approve)
  • — Hold pricing until evidence pack returns
  • — Capture appetite signal for Product Lead review

Advisory only — generated deterministically from submission fields. The underwriter remains the decision-maker.

Broker clarification

Request evidence pack

Select questions to send
Underwriter notes
Clarification sent
2026-05-20T18:56:07.387314+00:00 · Underwriter 1
  • Q1. Confirm MFA
  • Q2. Provide backup architecture

Broker evidence

Custody & withholding

Authority required

The current role Underwriter 1 does not have authority to perform this action. Switch role to proceed.

Broker decides what to share
  • MFA enforcement attestation (signed)
    ev:mfa-attest-2026-001 · Broker Partner A
  • Backup architecture statement with immutable copy diagram
    ev:backup-arch-2026-001 · Broker Partner A
  • EDR coverage report (95% endpoints)
    ev:edr-coverage-report · SME Technology Client
  • Prior incident clarification narrative
    ev:incident-clarification · Broker Partner A
  • Top-3 customer contracts (full text)
    ev:customer-contracts-redacted · SME Technology Client
  • Raw SOC logs (90 days)
    ev:soc-logs-raw · SME Technology Client
Evidence CustodyRaw evidence stays at source · references shared only
Shared with insurer(1)
  • MFA attestation
    ref: ev:mfa-attest · custodian: Broker Partner A
Withheld at source(1)
  • Raw SOC logs
    ref: ev:soc-logs · retained by SME Technology Client

Withheld content never leaves source. Only a count is recorded on the receipt.

Underwriter decision

Approve, modify, decline or escalate

Final authority lives here
Rationale
Pricing note
Structure note
Exclusions (one per line)
Decision recorded
modify
2026-05-20T18:56:07.645703+00:00 · Underwriter 1

Accept on modified basis with MFA enforcement and ransomware sub-limit

Pricing: +12%

Structure: sub-limit

Exclusions: Ransomware Extension

Appetite feedback loop

Signal to product / portfolio

Portfolio learning
Authority required

The current role Underwriter 1 does not have authority to perform this action. Switch role to proceed.

Affected coverages
Commentary
Appetite signal recorded
APPETITE REVIEW NEEDED
2026-05-20T18:56:07.850278+00:00 · Product Lead

review ransomware band

Latest governed action

Signed receipt

KATLAS Receiptappetite_feedback_receipt
unsigned
Receipt Hash
sha256:873ad3b103fa6f1132bfb1295a23e09ac546d11251450bebf7e0488c61b1cfc6
Signer Reference
unsigned-local-record
Node Timestamp
2026-05-20T18:56:07.850829+00:00
Event ID
app_ee866420b63a4d9b
Policy Reference
BRK-2026-0142
Actor → Counterparty
Product Lead → Underwriting Manager
Outcome
appetite_review_needed
Shared Evidence
Withheld Evidence
0 item(s) — kept at source
Artifact Hash
sha256:fde8059d62d462c6888b495d8ef4e782347501718cf1f4a7adb44d6f23de124d
CAR Summary on Receipt
Custody

Insurer holds appetite signal; no raw broker data shared

Authority

Product Lead authorised to record appetite signal

Receipts

Appetite feedback recorded for portfolio leadership

Public-safe metadata only · raw envelope kept server-side
Public receipt

Audit trail

4 receipt(s) recorded

broker_clarification_request
sha256:a70868c799863f97c3a6cdfee728e3f72f2931b5573a8e0976a59362f66b9ca9
unsigned
Public →
evidence_custody_update
sha256:f1ae4c6acf308af90d1bb2bba0e77e5140088d601beec158ed46b08da9058dd0
unsigned
Public →
underwriting_referral_decision
sha256:e8c95113f12fa40077b8c5c6e18218cfdfa00cbe7487a599f5421b1a3c27f62f
unsigned
Public →
appetite_feedback_receipt
sha256:873ad3b103fa6f1132bfb1295a23e09ac546d11251450bebf7e0488c61b1cfc6
unsigned
Public →

Made with Emergent