What Colorado's New Data Regulations Could Mean for Insurers, Agents

Scott Kosnoff. Credit: Faegre Drinker

What You Need to Know

The new Colorado regulation will govern any use of an external consumer data and information source in connection with life insurance.
Scott Kosnoff expects the division to take a similar approach for annuities.
He believes the regulation could affect marketing strategies.

The Colorado Division of Insurance last week adopted major regulations that will govern life insurers’ use of any “external consumer data and information source,” or ECDIS.

That definition appears to include traditional data streams and analytical systems as well as artificial intelligence-based systems.

What could this mean for life insurers, clients and financial professionals?

Scott M. Kosnoff, a partner at Faegre Drinker, answered questions about the Colorado regulations via email. The answers have been edited.

THINKADVISOR: How does Colorado’s regulation compare with other jurisdictions?

SCOTT KOSNOFF: Colorado’s statute and regulation make it unique in this area.

The National Association of Insurance Commissioners is working on a model bulletin that builds upon the NAIC’s AI principles, which were adopted in 2020, and lays out regulatory expectations, including with respect to governance; risk management and internal controls; and third-party AI systems.

Once the NAIC finalizes and adopts the bulletin, individual states will consider whether they want to adopt the bulletin and, if so, whether to make any changes.

The California Department of Insurance issued a bulletin concerning the use of AI, algorithms, Big Data and the need to avoid unfair discrimination against protected classes. It also held a workshop examining bias and discrimination in September 2022.

The New York Department of Financial Services retained an outside consultant to conduct interviews regarding use of AI and machine learning by life insurers. 

Connecticut issued notice concerning use of Big Data and avoidance of discriminatory practices and requires a certification from domestic insurers.

The District of Columbia is investigating potential “unintentional bias,” beginning with private passenger auto, and it conducted a data call earlier this year.

How is Colorado’s approach different from typical states?

Colorado’s statute adopts a definition of unfair discrimination that departs from the way the term historically has been understood.

Colorado’s statute focuses on the use of external consumer data and information sources, and not expressly on AI.

Colorado will require insurers to test for unfair discrimination, adopt a risk management and governance framework and submit reports to the regulators.

What implications could the Colorado regulation have for products other than life insurance?