Colorado Insurance Division Adopts ‎Proposed Algorithm and Predictive Model Governance ‎‎Regulation

Locke Lord LLP

Locke Lord LLP

On September 21, 2023, the Colorado Insurance Division adopted Regulation 10-1-1 entitled “Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information Sources, Algorithms, and Predictive Models” effective on November 14, 2023. The new regulation applies to all life insurers authorized to do business in Colorado. Insurers must submit a report on June 1, 2024 “summarizing the progress made towards complying with the requirements specified in Section 5 including identifying the areas still under development, any difficulties encountered, and expected completion date.” The new regulation states that:

Life insurers that use ECDIS, as well as algorithms and predictive models that use ECDIS in any insurance practice, must establish a risk-based governance and risk management framework that facilitates and supports policies, procedures, systems, and controls designed to determine whether the use of such ECDIS, algorithms, and predictive models potentially result in unfair discrimination with respect to race and remediate unfair discrimination, if detected.

“External Consumer Data and Information Source” or “ECDIS” means, for the purposes of this regulation, a data or an information source that is used by a life insurer to supplement or supplant traditional underwriting factors or other insurance practices or to establish lifestyle indicators that are used in insurance practices. This term includes credit scores, social media habits, locations, purchasing habits, home ownership, educational attainment, licensures, civil judgments, court records, occupation that does not have a direct relationship to mortality, morbidity or longevity risk, consumer-generated Internet of Things data, biometric data, and any insurance risk scores derived by the insurer or third-party from the above listed or similar data and/or information sources.

The regulation details the various components to the risk management framework that must be documented. If an insurer uses third party vendor artificial information systems, then it must ensure that the third party vendor is in compliance with the regulation.

Finally, the insurer also must comply with reporting requirements under the new regulation, including an annual report of its compliance beginning on December 1, 2024 and annually thereafter. However, “Insurers that do not use ECDIS or algorithms and/or predictive models that use ECDIS are exempt” but must submit an officer attestation to that effect on December 1 each year.

All documents disclosed to the Division will be considered confidential under § 10-3-1104.9(3)(d), C.R.S.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising

Written by:

Locke Lord LLP

Locke Lord LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide