Like in many other sectors, personal data and algorithms are increasingly being used by insurers in their underwriting, claims, and rating practices. Whilst these advances can bring benefits, concerns have been raised about the quality of information sources and the rationale for using algorithms, particularly because insurance practices are high-risk and minority groups could be especially vulnerable to discrimination.
Colorado revised its insurance legislation in July 2021 to reflect these concerns, with its General Assembly enacting legislation that restricts insurers’ use of ‘external consumer data’, prohibits data, algorithms, or predictive models from unfairly discriminating, and requires insurers to test their systems and demonstrate that they are not biased. The statutes, which is enabled by Senate Bill 21-169, is beginning to inform various aspects of Colorado’s insurance policy.
In 2023, for example, the Colorado Division of Insurance (CDI) have begun the process of engaging with stakeholders to implement elements of the law into their life insurance regulations. The CDI’s aim is to create a cross-functional group within insurers to oversee external customer data and information sources (ECDIS) and AI model usage.
Here are 10 things you need to know about this the Colorado General Assembly’s SB21-169 legislation.
Insurers are prohibited from unfair discrimination in insurance practices and the use of external customer data and information sources or algorithms and predictive models that unfairly discriminate.
Insurers are required to:
i) outline the type of external customer data and information sources used by their algorithms and predictive models;
ii) provide an explanation of how the external consumer data and information sources, and algorithms and predictive models are used;
iii) establish and maintain a risk management framework designed to determine whether the data or models unfairly discriminate;
iv) provide an assessment of the results of the risk management framework and ongoing monitoring; and
v) provide an attestation by one or more officers that the risk management framework has been implemented.
Under the coverage of the legislation, computational or machine learning process used to inform human decision-making in insurance practices.
A process of using mathematical and computational methods that examine current or historical datasets for underlying patterns and calculate the probability of an outcome.
A data or information source that complements an insurance practice or provides lifestyle indicators. Examples of sources include credit scores, social media habits, purchasing habits, home ownership, educational attainment, locations, occupations, licensures, civil judgements, and court records.
Unfair discrimination occurs when external customer data and information sources or algorithms or predictive models correlate with protected characteristics (race, colour, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity or gender expression) and result in a disproportionately negative outcome for these groups that exceeds the reasonable correlation to the underlying insurance practice (in respect to losses and underwriting costs etc.).
Insurers are not required to collect data relating to race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
The Colorado Division of Insurance has begun the process of establishing bespoke rules for specific types of insurance and insurance providers, starting with the life insurance sector. As of August 2023, the CDI has held multiple rounds of stakeholder meetings discussing how the law should inform their regulations on how life insurance companies use external consumer data and information sources. Liaison regarding the future of private passenger auto underwriting meanwhile began in June. Both areas are expected to undergo further revisions before they progress past the draft stage.
The SB21-169 legislation does not apply to title insurance, bonds executed by qualified surety companies, or insurers issuing commercial insurance policies. It does apply to insurers that issue business owners’ policies or commercial general liability policies if these policies have annual premiums of $10,000 or less.
It was originally stated that the new rules, which will be implemented on a sector-by-sector basis, would not come into effect until 1 January 2023 at the earliest. Deliberative stakeholder meetings began at the start of the year but, as yet, no new rules have come into effect. There is no forecast as to when exactly the rules will leave the draft stage, but further stakeholder meetings for both the life insurance and the private passenger auto underwriting domains are pencilled in for the coming months, as of August 2023.
Holistic AI can help your firm:
Speak with us to find out more about how we can support your journey towards compliance.
Despite, AI specific regulation on a federal level being nascent, firms in the US should heed with caution as a precedent for civil liability is slowly being built. Recent examples include an ongoing lawsuit against insurance company State Farm; where it is alleged that their automated claims processing has resulted in algorithmic bias against black homeowners.
More recently, the State of Michigan reached a $20 million USD settlement with Michigan residents wrongly accused of fraud by an automated system used by the state. State governments and agencies are not letting this go unnoticed. For example. in New York, the Department of Financial Services reserves the right to audit and examine an insurer’s underwriting criteria, programs, algorithms, and models, to ensure algorithms are not in breach of existing law and insurance regulations.
However, proposals from the federal level are also being seen. For example, the Algorithmic Accountability Act is a proposed federal law that would require companies to assess the impact of the automated systems they use and sell in terms of bias and effectiveness.
Shaping up to be the body with the most hunger to regulate AI in the US, Bloomberg has predicted that 2023 will be marked by a determined, and aggressive FTC. Backed by its three-for-three records in getting settlement orders against companies that were investigated for their use or development of algorithms through suspiciously acquired data, this prediction is likely to ring true.
DISCLAIMER: This blog article is for informational purposes only. This blog article is not intended to, and does not, provide legal advice or a legal opinion. It is not a do-it-yourself guide to resolving legal issues or handling litigation. This blog article is not a substitute for experienced legal counsel and does not provide legal advice regarding any situation or employer.
Schedule a call with one of our experts
DISCLAIMER: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; Holistic AI does not recommend or endorse the contents of the third-party sites.
Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, contributing law firms, or committee members and their respective employers.
The views expressed at, or through, this site are those of the individual authors writing in their individual capacities only – not those of their respective employers, Holistic AI, or committee/task force as a whole. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided "as is;" no representations are made that the content is error-free.
