New York Department of Financial Services Issues Proposed Circular Letter on Use of AI in Insurance Industry
February 22, 2024
By: Marc J. Krawiec
On Jan, 17, 2024 the New York State Department of Financial Services (NYDFS) issued a proposed circular letter addressing the use of artificial intelligence systems (AIS) and external consumer data and information sources (ECDIS) by licensed insurers (Proposed Guidance).
The Proposed Guidance follows the issuance of a model bulletin by the National Association of Insurance Commissioners (NAIC) in December 2023 concerning the use of AIS by insurers, and the adoption of regulations by the Colorado Commissioner of Insurance in November 2023 concerning the use of ECDIS, algorithms and predictive models by life insurers. NYDFS has encouraged interested parties to provide feedback on the proposed guidance through March 17, 2024.
In the Proposed Guidance, an artificial intelligence system is defined as “any machine-based system designed to perform functions normally associated with human intelligence, such as reasoning, learning, and self-improvement, that is used – in whole or in part – to supplement traditional medical, property or casualty underwriting or pricing, as a proxy for traditional medical, property or casualty underwriting or pricing, or to establish ‘lifestyle indicators’ that may contribute to an underwriting or pricing assessment of an applicant for insurance coverage.” NYDFS defines ECDIS as “data or information used – in whole or in part – to supplement traditional medical, property or casualty underwriting or pricing, as a proxy for traditional medical, property or casualty underwriting or pricing, or to establish ‘lifestyle indicators’ that may contribute to an underwriting or pricing assessment of an applicant for insurance coverage.”
As indicated by the definitions, the Proposed Guidance applies only to the use of AIS and ECDIS in the underwriting and pricing operations of insurers, and it relies on existing statutory and regulatory schemes, including rules governing nondiscrimination, disclosure and unfair trade practices. However, the Proposed Guidance would also establish new obligations of insurers with respect to how insurers develop, manage and use these tools. The proposal would also impose new responsibilities on insurers using AIS or ECDIS with respect to governance, risk management, reporting and management of third party service providers.
While acknowledging the potential benefits of insurers’ use AIS and ECDIS, NYDFS expresses concerns about accuracy of AIS and ECDIS, as well as risks of systemic biases and arbitrary or discriminatory outcomes that may result from the use of such tools. Consequently, the proposed circular would place burdens on insurers to test their AIS or ECDIS models, to demonstrate that they are reliable and to demonstrate that they do not use criteria that would constitute an unfair trade practice or discriminate unfairly against insureds or potential insureds. Insurers would be required to document the processes and reasoning behind methods and analysis for discrimination testing, and to continue to conduct testing on AIS and ECDIS an ongoing basis. Insurers would be responsible for being able to explain how their AIS operates and to articulate the relationship between an ECDIS and other model variables.
The governance implications of the Proposed Guidance include requirements that insurers adopt written policies concerning development and management of AIS and ECDIS, and that insurers maintain an inventory of all such systems. Insurers are encouraged to develop written standards for model development, and written standards, policies, procedures and protocols for the acquisition or use of AIS or ECDIS developed by a third party. Insurers may be required to provide this documentation to NYDFS in connection with audits or regulatory reviews.
The Proposed Guidance is clear that insurers remain responsible for their use of AIS and ECDIS, even if the AIS or ECDIS is licensed from a third-party, saying “an insurer may not rely solely on a vendor’s claim of non-discrimination or a proprietary third-party process to determine compliance with anti-discrimination laws.” As a result, insurers intending to use such tools may need to revisit and enhance their due diligence, disclosure and contract negotiation processes for suppliers of AIS or ECDIS.
For more information regarding the use of AIS or ECDIS in the insurance industry, contact Marc Krawiec in Bond’s cybersecurity and data privacy practice.