Contents
New technologies have really shaken up the insurance world as of late, making things more efficient for everyone — insurers and customers alike. But if insurers don’t keep an eye on it, AI and Big Data might end up causing trouble, especially for protected groups. That’s exactly why the Colorado Division of Insurance (CDOI) stepped up with a specific Senate Bill (SB) 21-169.
Colorado regulation 10-1-1 or 3 CCR 702-10 requires that all life insurers using External Consumer Data and Information Source* (ECDIS) or ECDIS-based models adopt a governance framework. It is all about making sure no one gets unfairly treated based on things like race, gender, or any other protected characteristics. This means that insurers are about to get serious about checking their systems to make sure they’re offering fair services for everyone, and if they spot any biases, they’ll have to sort them out quickly.
The first milestone is approaching, as life insurers operating in Colorado are granted a compliance window until December 1, 2024, with an initial progress summary due by June 1, 2024.
Key aspects of the governance framework
Insurers that employ ECDIS-based models must submit a comprehensive report to summarize compliance and they also need to:
- Provide oversight using a committee in order to assess risks, set new strategies and monitor performance.
- Ensure that governing principles are respected with the sole purpose of preventing unfair discrimination in the use of ECDIS, algorithms, and predictive models.
- CDOI’s 10-1-1 Regulation applies to all life insurers that are authorized to conduct business in the state of Colorado.
- Implement working processes and systems to handle customer complaints and other inquiries.
- Establish a cross-functional team that is trained and able to use these tools in a proficient way.
- Develop a risk-assessment system that prioritizes any emerging risks that can impact consumers.
- Update their inventory of ECDIS, algorithms, and their predictive models, tracking any and all-important changes.
- Test and monitor their systems in order to find and address discrimination and/or bias.
- Initiate regular reviews to make sure their governance framework is kept up to date.
More information about this regulation can be found in our previous blog post.
What should happen by June 1st?
Insurers that use ECDIS and algorithms and/or predictive models that employ ECDIS must submit their progress report by June 1, 2024, showcasing the areas that are still under development. Also, by December 1st, 2024, insurers must submit a comprehensive report that describes the steps they’ve taken to achieve compliance, including the following information: the title and qualifications of each individual responsible for ensuring compliance and the section of the regulation that the person is responsible for. Furthermore, this report has to be signed by an officer in order to verify compliance.
Recent developments regarding AI regulations in the state of Colorado
This month, Colorado has introduced a new bill, SB24-205 Consumer Protections for Artificial Intelligence, that augments its Consumer Protection Act by adding Part 16, targeting the regulation of high-risk artificial intelligence (AI) systems, with the goal of mitigating algorithmic discrimination. This legislation primarily concerns developers and deployers of such AI systems operating within the state.
Deployers, under Section 6-1-1603, must follow similar due care protocols to guard consumers against discriminatory risks. This includes managing a risk program, conducting impact assessments, and notifying consumers when high-risk AI makes significant decisions about them. They must also offer an appeal process for adverse decisions and make disclosures on their websites detailing their AI systems and risk management strategies. Should any discrimination occur, deployers are obligated to report to the Attorney General. The bill additionally stipulates that consumers be made aware when interacting with AI, unless it is apparent.
Small businesses on the other hand, may be exempt from certain provisions, mitigating the regulatory burden on these entities. These regulations aim to promote transparency and accountability in the use of AI, ensuring it upholds fairness and does not propagate bias or unequal treatment based on attributes like age, ethnicity, or disability.
For more detailed information on this new regulation, we invite you to follow Lumenova AI’s blog.
Lead Your Organization to Responsible AI with Lumenova AI
Lumenova’s Responsible AI (RAI) platform can assist insurers in complying with Colorado’s 10-1-1 regulation, which focuses on governance and risk management to ensure adherence to legal standards by monitoring governance protocols, allowing you to stay ahead of regulatory requirements. If your company finds itself impacted by the recent legislation, we stand ready to provide extensive support, ensuring continued compliance while fostering successful business transformation.
Discover how Lumenova AI’s RAI platform can help your organization navigate the complexities of AI deployment by requesting a demo, or contact our AI experts for more details.
(*) External Consumer Data and Information Source (ECDIS) means a data or an information source that a life insurer uses to supplement or supplant traditional underwriting factors or other insurance practices or to establish lifestyle indicators such as credit scores, social media habits, locations, purchasing habits, home ownership, educational attainment, licensures, civil judgments, court records, occupations that aren’t linked to mortality, morbidity or longevity risk, Internet of Things data, biometric data, and any other similar data and/or information sources.