On July 11, 2024, the New York State Division of Monetary Providers (NYSDFS) adopted a last round in regards to the “Use of Artificial Intelligence (“AI”) Methods and External Shopper Data and Data Sources in Insurance coverage Underwriting and Pricing” (the “Circular”).
This Circular was issued as steerage to the insurance coverage business and imposes vital obligations on insurers utilizing synthetic intelligence techniques (“AIS” or “AI techniques”) or exterior shopper knowledge and data sources (“ECDIS”) for underwriting and pricing. The Circular alerts NYSDFS’ enforcement priorities.
Who Does the Circular Apply to?
The Circular applies to ECDIS, AIS, and different predictive fashions utilized in reference to the underwriting and pricing of insurance coverage insurance policies and annuity contracts issued by:
- Insurers which are approved to put in writing insurance coverage in New York;
- Article 43 companies;
- Well being upkeep organizations (HMOs);
- Licensed fraternal profit societies (FBSs); and the
- New York Insurance coverage Fund.
Why Was the Circular Issued?
NYSDFS appreciates that ECDIS and AIS can profit insurers and customers by simplifying and expediting insurance coverage underwriting and pricing processes. Nevertheless, NYSDFS expressed concern in regards to the potential for unfair antagonistic results or discriminatory resolution-making from using ECDIS and AIS, together with using third-occasion distributors.
They’re notably nervous in regards to the method during which ECDIS and AIS might disproportionately have an effect on susceptible communities and people or in any other case undermine the insurance coverage market in New York.
What Methods Does this Circular Apply to?
AIS is outlined within the Circular as “any machine-primarily based system designed to carry out features usually related to human intelligence, similar to reasoning, studying, and self-enchancment, that’s used–in complete or partially–to complement conventional well being, life, property or casualty underwriting or pricing, as a proxy for conventional well being, life, property or casualty underwriting or pricing, or to determine ‘life-style indicators’ which will contribute to an underwriting or pricing evaluation of an applicant for insurance coverage protection.”
ECDIS is outlined within the Circular as “knowledge or data used–in complete or partially–to complement conventional medical, property or casualty underwriting or pricing, as a proxy for conventional medical, property or casualty underwriting or pricing, or to determine ‘life-style indicators’ which will contribute to an underwriting or pricing evaluation of an applicant for insurance coverage protection. ECDIS doesn’t embrace an MIB Group, Inc. member data alternate providers, motorized vehicle studies, prescription drug knowledge, or prison historical past searches.”
How Can Topic Firms Comply?
1. Preserve Current Practices
Firms can comply primarily through the use of ECDIS and AIS in compliance with all native, state and federal legal guidelines. An insurer ought to have processes already in place to make use of ECDIS or AIS in underwriting or pricing except the insurer has decided that the ECDIS or AIS doesn’t acquire or use standards that may represent unfair or illegal discrimination or an unfair commerce apply.
2. Set up a Company Governance Framework
Insurers are required to ascertain a company governance framework that’s acceptable for the character, scale, and complexity of the insurer, guaranteeing compliance with authorized and regulatory necessities.
This governance requires establishing ample formal written insurance policies and procedures, assigning competent employees, overseeing mannequin threat administration, guaranteeing efficient problem and unbiased threat evaluation, reviewing audit findings, instituting AI coaching, and taking immediate remedial motion when obligatory.
3. Have Board and Senior Administration Oversight
As a part of this company governance framework, insurers are required to have board oversight and senior administration accountable for ECDIS and AIS techniques. Senior administration is accountable for the day-to-day implementation of the insurer’s improvement and administration of ECDIS and AIS, according to the strategic imaginative and prescient and threat evaluation of the board or different governing physique.
4. Implement Sufficient Written Assessments, Documentation, and Testing of ECDIS and AIS
An insurer shouldn’t use ECDIS or AIS in underwriting or pricing except they’ll set up by a complete evaluation, documentation, and testing that the underwriting or pricing pointers are usually not unfairly or unlawfully discriminatory in violation of the NYS Insurance coverage Legislation.
5. Implement a Third-Occasion Vendor Overview Program
Insurers retain accountability for understanding any instruments, ECDIS, or AIS utilized in underwriting and pricing for insurance coverage that had been developed or deployed by third-occasion distributors. They need to additionally guarantee such instruments, ECDIS, or AIS adjust to all relevant legal guidelines, guidelines, and laws, together with discrimination.
To cut back third-occasion threat and guarantee acceptable oversight of third-occasion distributors, insurers ought to develop:
(i) written requirements, insurance policies, procedures, and protocols for the acquisition, use of, or reliance on ECDIS and AIS developed or deployed by a 3rd-occasion vendor for pricing or underwriting; and
(ii) embrace relevant AI phrases of their vendor contracts.
6. Be Clear with Clients
The place an insurer is utilizing ECDIS or AIS, the discover to the insured or potential insured, or medical skilled designee ought to disclose:
(i) whether or not the insurer makes use of AIS in its underwriting or pricing course of;
(ii) whether or not the insurer makes use of knowledge in regards to the individual obtained from exterior distributors; and
(iii) that such individual has the proper to request details about the precise knowledge that resulted within the underwriting or pricing resolution, together with contact data for making such request.
A failure to make these disclosures could represent an unfair commerce apply, in line with the NYSDFS.
Different State Actions
Insurers should adjust to different AI-relevant authorized necessities, which can fluctuate by state. The NYSDFS round follows the Colorado Division of Insurance release of its Algorithm and Predictive Model Governance Regulation (AI regulation) governing life insurance coverage; the California Insurance coverage Commissioner’s Bulletin 2022-5 on Allegations of Racial and Unfair Discrimination in Advertising, Score, Underwriting and Claims Observe by the Insurance coverage Trade; and the Texas Division of Insurance coverage Commissioner’s Bulletin #B-0036-20 entitled “Insurer’s use of third-occasion knowledge.”
A further fifteen states have adopted the NAIC Mannequin Bulletin entitled “Use of Artificial Intelligence Methods by Insurers,” issued in December 2023. This implies insurers regulated by these states should adjust to the phrases of the mannequin bulletin below the state’s authority to stop unfair commerce practices as to its personal developed fashions and third-occasion fashions.
The necessities of the mannequin bulletin require:
- minimally instituting a strong, written AI governance construction documenting using AI techniques by the insurance coverage life cycle from product improvement by implementation to say administration;
- ongoing monitoring and updating;
- guaranteeing that there are not any discriminatory, extreme, or insufficient insurance coverage charges by using AI and machine studying;
- adopting controls to mitigate AI threat of antagonistic shopper outcomes; and
- creating testing and verification of AI fashions.
The Bulletin asserts that third-occasion AI system use may also be investigated. Insurers are required to finish due diligence on suppliers and have complete contracts in place relating to knowledge safety, knowledge utilization, knowledge sourcing, auditing, and testing.
Enforcement
Insurers ought to count on that regulators could ask them to reveal compliance with the above necessities by any regulatory audit, investigation, examination, or enforcement motion.