Like in many other sectors, personal data and algorithms are increasingly being used by insurers in their underwriting, claims, and rating practices. Whilst these advances can bring benefits, concerns have been raised about the quality of information sources and the rationale for using algorithms without appropriate safeguards, particularly as insurance practices are high-risk and minority groups could be especially vulnerable to discrimination. This has resulted in widespread attention from policymakers and the introduction of various pieces of legislation to tackle this issue, including Colorado SB21-169.
SB 21-169 aims to protect Colorado consumers from insurance practices that result in being unfairly discriminated on the basis of race, colour, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
In particular, SB 21-169 21-169 restricts insurers’ use of external consumer information and data sources (ECIDS) - such as credit scores, social media habits, locations, purchasing habits, home ownership, educational attainment, occupation, licensures, civil judgments, and court records - as well as algorithms and predictive models using ECIDS.
Colorado SB 21-169 was first introduced on 2 March 2021 and passed on 23 June 2021, before being adopted on 6 July 2021. The law was effective from 1 January 2023, but the rule development process for the first line of insurance, life insurance, kicked off a year earlier in February 2022. The process for auto insurance is underway and the first steps for health insurance started at the end of February 2024
Although the law requires specific rules to be developed for different types of insurance practices and different types of insurance, in general, insurers are required to test their systems, demonstrate to the Division of Insurance (Division) how testing is conducted, and take corrective action if needed. Specific actions include:
The law applies to almost all insurance companies in Colorado, where those that do not use ECIDS, algorithms, or predictive models may be required to declare as such. Insurance practices subject to this law are marketing, underwriting, pricing, utilization management, reimbursement methodologies, and claims management.
However, SB 21-169 exempts title insurance, bonds covered by surety companies, and commercial insurance policies (with the exception of business owners’ policies or commercial general liability policies with annual premiums below $10,000).
The Commissioner of Insurance (Commissioner) is required to consult with stakeholders to develop rules for specific insurance types and insurance practices. The stakeholder engagement process is underway for Life Insurance (LI) Underwriting and Private Passenger Auto (PPA) Insurance Underwriting, and the first stakeholder session for Health Insurance will take place on 29 February 2024.
Any material shared by insurers with the Commissioner pursuant to these rules is deemed to be proprietary. While the Commissioner is mandated to investigate insurers’ use of ECIDS and utilize this material as part of their investigations, they are not permitted to make this public without prior written consent and may only make data publicly available in an aggregated or de-identified format. The rules adopted by the Commissioner must also establish a reasonable time frame for insurers to remedy any unfairly discriminatory impact, as well as insurers’ ability to use ECIDS that have previously been evaluated by the Division and not found to be discriminatory.
Until 1 July 2025, the Division is also required to submit to the Colorado Legislative Committees of Reference a report containing:
Under the proposed quantitative testing regulation for life insurers, analysis must be conducted to determine if there are statistically significant differences in approval and premium rates based on race/ethnicity.
This involves logistic and linear regressions using cumulative data collected until December 31 of the previous year. Race/ethnicity is inferred from surname and address using RAND’s BIFSG tool due to limited self-reported data.
If differences exceed 5 percentage points within each race/ethnicity category, further testing is required. This includes comparing coefficients in regression models with and without dummy variables for race/ethnicity to identify discriminatory factors.
Insurers must then implement risk management measures to address discrimination and conduct additional testing to verify effectiveness of mitigation. In particular, the report must contain information about:
Although SB 21-169 does not outline specific penalties for non-complicate, sanctions relevant to insurance under the Colorado Revised Statutes can be issued. These include civil penalties, cease and desist orders, and suspensions or revocations of license.
New York introduced Assembly Bill 8369 (A08369) on 13 December 13 2023 with an almost identical text to the Colorado law, with the exception of swapping out minor details such as “Commissioner of Insurance” with the “superintendent [of financial services],” for example. The role of the superintendent is the same as that of the Commissioner, except that while the reporting obligation of the Commissioner to the Colorado General Assembly ends in 2025, the superintendent is required to make annual reports to the New York Governor, Senate, and Assembly. The exceptions SB 21-169 make apply to A08369 as well.
For candidates, this notice can be provided through the employment section of the website in a clear and conspicuous manner, in a job posting, or through mail or e-mail. For employees, notice can be given in a written policy or procedure, in a job posting, or via mail or e-mail.
Insurance is increasingly being targeted by lawmakers around the world, with several laws aiming to specifically regulate the use of AI and algorithms in insurance. Indeed, AI systems used to make or influence decisions about eligibility for health and life insurance will likely be considered high-risk under the final version of the EU AI Act.
Getting prepared early is the best way to stay compliant and gain a competitive edge. Schedule a demo with our experts to find out how Holistic AI can help you get ahead of the regulation wave.
DISCLAIMER: This blog article is for informational purposes only. This blog article is not intended to, and does not, provide legal advice or a legal opinion. It is not a do-it-yourself guide to resolving legal issues or handling litigation. This blog article is not a substitute for experienced legal counsel and does not provide legal advice regarding any situation or employer.