March 2024
Colorado's Senate Bill 21-169, which seeks to prevent unfair discrimination in insurance practices through the use of external customer data or algorithms, was adopted on 6 July 2021 and came into effect on 1 January 2023. The law requires the Commissioner of Insurance to develop specific rules for different types of insurance and insurance practices in collaboration with relevant stakeholders. Rules have already been adopted for life insurance; they require life insurers to establish a risk-based governance and risk management framework to support policies, procedures, and systems to determine whether the use of external customer data or predictive models could result in unfair discrimination. Rules are still being developed for private passenger auto insurance, while the consultation process is underway for health insurance. Insurers must provide reports to the Division summarizing the results of testing conducted annually from 1 April 2024.
American policymakers are increasingly regulating the use of AI in the insurance sector to ensure fair and safe deployment. Insurance applications are considered high-risk due to their significant impacts on consumers' lives. Multiple laws with various approaches have been proposed to address and mitigate bias and increase transparency. Existing laws also apply to AI, and the regulatory landscape is rapidly evolving. Several US laws have been implemented or proposed to regulate insurance.
December 2023
Colorado SB-169 and New York's A08369 are laws aimed at protecting consumers from unfair discrimination in insurance practices by restricting insurers' use of external consumer data, algorithms, and predictive models. The laws define external customer data and information sources, algorithms, and predictive models, and prohibit their use if they result in disproportionately negative outcomes for protected classifications such as race, ethnicity, gender, and more. The laws also require specific rules for the types of insurance and insurance practices, as well as a risk management framework and ongoing monitoring. The superintendent or commissioner of insurance is responsible for developing these rules and conducting stakeholder consultations and investigations. Commercial policies, bonds executed by qualified surety, and title insurance are exempted from these laws. Insurtech is facing increasing regulation globally, and businesses must stay compliant to gain a competitive edge.
October 2023
Colorado has passed a law prohibiting unfair discrimination in insurance practices, targeting external customer information sources, algorithms, and predictive models. The law prohibits discrimination based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. The Colorado Commissioner of Insurance is tasked with developing specific requirements for different types of insurance and insurance practices. Life insurers must carry out quantitative testing using cumulative data collected up until 31 December of the previous year and all years prior to determine whether there is a statistically different disapproval rate or difference in premium rate per $1000 face value amount of policies for Hispanic, Black, and Asian Pacific Islander insureds compared to White insureds. Noncompliance with the regulation can result in sanctions.
August 2023
The EU AI Act will impose obligations on insurance providers using AI, with requirements evolving through rounds of legislative fine-tuning and negotiations. Initially, insurance practices were not considered high-risk, but amendments from the Slovenian Presidency and European Parliamentary Committees brought AI systems used for insurance premium setting, underwriting, and claims assessments under high-risk requirements. The final text adopted in June 2023 focused on AI systems used to make or influence decisions about eligibility for health and life insurance as high-risk applications. Insurance providers using AI for this purpose must comply with seven requirements for high-risk systems, including risk management, data governance, transparency, human oversight, and accuracy and cybersecurity. Non-compliance could result in a fine of up to 40 million euros or 7% of global turnover.