Thought Leadership

CO Division of Insurance Finalizes AI, Data Regulations Impacting Insurers

October 6, 2023 Advisory

In August 2023, the Colorado Division of Insurance conducted a hearing to finalize regulations impacting life insurers. These rules focus on how life insurance companies leverage external data and cutting-edge technologies, including artificial intelligence (AI), to make informed decisions. These regulations are tailored for life insurers operating in Colorado and encompass the utilization of external data sources, computer algorithms and predictive models in various life insurance processes, extending beyond traditional underwriting. Even when life insurers source this data and technology from third parties, strict compliance with these rules is obligatory. The finalized regulations were published on Sept. 22, 2023, and can be accessed on the Colorado Division of Insurance’s website.

Framework Requirements

The regulations mandate a comprehensive governance and risk management framework to ensure that life insurers using external consumer data and information sources (ECDIS), as well as algorithms and predictive models that employ ECDIS, maintain robust compliance practices. ECDIS refers to data or information sources used by life insurers to augment or replace conventional underwriting factors and other insurance practices. This encompasses a wide array of external data and information used by insurers in their insurance processes, including: credit scores, social media behaviors, location data, purchase patterns, homeownership status, educational qualifications, licensures, civil judgments, court records and more. It also encompasses consumer-generated Internet of Things (IoT) data, biometric data and any insurance risk scores generated from these data sources.

The governance and risk management framework will need to be built on principles that emphasize effective oversight and management, with a specific focus on preventing unfair discrimination in insurance practices. The framework also requires clear governance structures overseen by the board of directors or designated committees, senior management responsibilities, cross-functional governance groups and documented policies, processes and procedures for the development, testing, deployment and ongoing monitoring of ECDIS and related technologies. Furthermore, insurers are required to address consumer complaints, prioritize risks, maintain inventories of utilized ECDIS and models, and conduct ongoing assessments to detect and rectify any unfair discrimination.

Compliance Timeline

In light of these significant regulatory developments, it’s crucial for life insurers to grasp the nuances of these rules and their implications. The compliance timeline below details key milestones and requirements that life insurers must adhere to. This timeline ensures that life insurers, whether currently using external data and technology or planning to do so, are well prepared to meet the new standards set forth by the Colorado Division of Insurance. Please note that this compliance timeline is based on the information provided in the current draft of the regulation, varies by the insurers use of data or ECDIS, and is subject to any updates or changes made by the Colorado Division of Insurance.

For Life Insurers Using ECDIS, Algorithms or Predictive Models:

  • By June 1, 2024: Submit a narrative report summarizing progress toward complying with the regulation’s requirements. This report should identify areas still under development, any challenges encountered, and the expected completion date.
  • By Dec. 1, 2024, and annually thereafter: Submit a narrative report summarizing compliance with the regulation's requirements.

For Life Insurers Not Using ECDIS or Related Technologies:

  • Within one month of the effective date (Dec. 14, 2023), and annually thereafter: Submit an attestation signed by an officer indicating that the insurer does not use ECDIS, algorithms or predictive models that use ECDIS.

For Life Insurers Transitioning to Use of ECDIS, Algorithms or Predictive Models:

  • Submit a narrative report summarizing compliance with the governance and risk management framework and the title and qualifications of each individual responsible for ensuring compliance with the governance and risk framework.

Conclusion

These regulations provide a new framework for how life insurers employ certain external data and technology. While the deadlines and framework components have remained relatively consistent with the draft version, it is imperative for life insurers to fully understand and adhere to these rules. The Colorado Division of Insurance continues to refine details, and we will keep you updated on further developments.

Should you have any questions or concerns regarding these regulations, please reach out to your regular AT lawyer or one of the listed authors.

Highlights

The EU Artificial Intelligence Act: What Businesses Need to Know

Advisory
News Item

Armstrong Teasdale Earns 40 Tier One Rankings in 2024 Edition of Best Law Firms

Artificial Intelligence and Copyrights: Tennessee’s ELVIS Act Becomes Law

Advisory

NYDFS Updates Proposed Amendment to Cybersecurity Regulations

Advisory

AI in the Workplace: Is Your Enterprise Intelligent About Artificial Intelligence?

Artificial intelligence (AI) is everywhere—from chatbots that answer questions, draft essays and write code, to virtual assistants and self-driving cars. In the workplace, it is estimated that 99% of Fortune 500 companies use AI...

3 Key Lessons in Vendor Management Highlighted by the MOVEit Cyber Incident

Casey Waughn

The New York Times Sues for Copyright Infringement over ChatGPT

Advisory

California’s Newest Cybersecurity Rule – What You Need to Know

Advisory
Contact Us
  • Worldwide
  • Boston, MA
  • Chicago, IL
  • Denver, CO
  • Dublin, Ireland
  • Edwardsville, IL
  • Jefferson City, MO
  • Kansas City, MO
  • Las Vegas, NV
  • London, England
  • Miami, FL
  • New York, NY
  • Orange County, CA
  • Philadelphia, PA
  • Princeton, NJ
  • Salt Lake City, UT
  • St. Louis, MO
  • Washington, D.C.
  • Wilmington, DE
Worldwide
abstract image of world map
Boston, MA
800 Boylston St.
30th Floor
Boston, MA 02199
Google Maps
Boston, Massachusetts
Chicago, IL
100 North Riverside Plaza
Suite 1500
Chicago, IL 60606-1520
Google Maps
Chicago, Illinois
Denver, CO
4643 S. Ulster St.
Suite 800
Denver, CO 80237
Google Maps
Denver, Colorado
Dublin, Ireland
Fitzwilliam Hall, Fitzwilliam Place
Dublin 2, Ireland
Google Maps
Edwardsville, IL
115 N. Second St.
Edwardsville, IL 62025
Google Maps
Edwardsville, Illinois
Jefferson City, MO
101 E. High St.
First Floor
Jefferson City, MO 65101
Google Maps
Jefferson City, Missouri
Kansas City, MO
2345 Grand Blvd.
Suite 1500
Kansas City, MO 64108
Google Maps
Kansas City, Missouri
Las Vegas, NV
7160 Rafael Rivera Way
Suite 320
Las Vegas, NV 89113
Google Maps
Las Vegas, Nevada
London, England
Royal College of Surgeons of England
38-43 Lincoln’s Inn Fields
London, WC2A 3PE
Google Maps
Miami, FL
355 Alhambra Circle
Suite 1200
Coral Gables, FL 33134
Google Maps
Photo of Miami, Florida
New York, NY
7 Times Square, 44th Floor
New York, NY 10036
Google Maps
New York City skyline
Orange County, CA
19800 MacArthur Boulevard
Suite 300
Irvine, CA 92612
Google Maps
Philadelphia, PA
2005 Market Street
29th Floor, One Commerce Square
Philadelphia, PA 19103
Google Maps
Philadelphia, Pennsylvania
Princeton, NJ
100 Overlook Center
Second Floor
Princeton, NJ 08540
Google Maps
Princeton, New Jersey
Salt Lake City, UT
222 South Main St.
Suite 1830
Salt Lake City, UT 84101
Google Maps
Salt Lake City, Utah
St. Louis, MO
7700 Forsyth Blvd.
Suite 1800
St. Louis, MO 63105
Google Maps
St. Louis, Missouri
Washington, D.C.
1717 Pennsylvania Avenue NW
Suite 400
Washington, DC 20006
Google Maps
Photo of Washington, D.C. with the Capitol in the foreground and Washington Monument in the background.
Wilmington, DE
1007 North Market Street
Wilmington, DE 19801
Google Maps
Wilmington, Delaware
Key Industries
About Us
Inclusion
Careers
Insights
Locations