Colorado Division of Insurance scales back its proposed regulation of AI in the life insurance industry

The Colorado Division of Insurance recently released a revised draft regulation regarding governance and risk management framework requirements for life insurance companies operating in the state of Colorado that use external consumer data (including, algorithms and predictive models built on such data) in their rating practices.

The draft life insurance regulation is the first proposed regulation implementing Colorado Senate Bill 21-169, a leading-edge, first-of-its-kind statute addressing the consideration of big data and artificial intelligence (AI) in the insurance industry. SB 21-169 takes aim at potential discriminatory impacts resulting from the use of algorithms and predictive models employed in insurance rating, underwriting, claims handling, and other business practices.

The revised draft life insurance regulation significantly scales back from the prior draft release in February. Significantly, the revised draft no longer focuses on “disproportionately negative outcomes” which would have included results or effects that “have a detrimental impact on a group” of protected characteristics “even after accounting for factors that define similarly situated consumers.” Removing that term altogether, the revised draft shifts focus to requiring “risk-based” governance and management frameworks. This change is significant – not only aligning the revised draft with traditional insurance regulation, but representing a sensible, incremental step forward for such regulation.

However, while the revised draft is less burdensome than the first draft, it still places significant requirements on life insurers. Those include requirements that life insurers establish “risk-based” frameworks for the use of external consumer data and information sources (ECDIS) in any insurance practice (including claims, ratemaking, and pricing). Moreover, the regulation requires implementation of those frameworks with respect to any algorithms and predictive models using or relying on ECDIS.

Under the revised draft, life insurers must test their algorithms and models to evaluate whether any unfair discrimination results from their use and must implement controls and processes to adjust their use of AI as necessary. The regulation would make boards and senior managers hold “responsibility and accountability for setting and monitoring” overall strategy regarding the use of algorithms and predictive algorithms using ECDIS. Furthermore, the regulation would require senior manager to handle “providing direction on the use of ECDIS, and algorithms and predictive models that use ECDIS.” Life insurers will be required to implement reporting structures that include “regular reporting to senior management on the performance and potential risks of ECDIS, and the algorithms and predictive models that use ECDIS.”

The revised draft regulation also requires documentation be maintained by life insurers using ECDIS including descriptions and explanations of how ECDIS is being used and how life insurers are testing their use of ECDIS for unfair discrimination. This documentation must be available upon the regulator’s request. Additionally, each insurer must make reports to the Colorado Division of Insurance, including a narrative report summarizing the company’s progress toward complying with the regulation.

If you would like to discuss how this draft regulation affects your company and possible strategies for compliance, please contact any of the authors. To find out more about our AI and Data Analytics work, please visit this page.