The ethical use of artificial intelligence (AI): A summary of Colorado’s AI regulations for insurance companies  

The Colorado Division of Insurance (CDOI) released its Algorithm and Predictive Model Governance Regulation (AI regulation) on September 23, 2023 (note: initial draft issued on February 1, 2023, and revised draft on May 26, 2023). The regulation is effective from November 14, 2023, and is designed to reasonably ensure that life insurers’ use of external consumer data and information sources (ECDIS), algorithms, and predictive models (i.e., AI models) do not result in unfairly discriminatory insurance practices with respect to race. This is believed to be the first such regulation on AI targeting insurers, and specifically life insurance. Based on recent regulatory trends, other states may follow suit, and the scope may increase to other types of insurance (e.g., auto, property), and beyond insurance to other applications of ECDIS such as loan underwriting.

CDOI AI regulation requirements

The table below outlines the specific requirements in the regulation. More detailed information about each can be found in the full report.

CDOI draft proposed Algorithm and Predictive Model Quantitative Testing Regulation

In addition to the above AI regulation, CDOI has put forth a separate proposed reporting regulation for insurers using ECDIS and/or AI models which utilize ECDIS. The draft proposal would require testing utilizing Bayesian Improved First Name Surname Geocoding (BIFSG), a statistical modeling methodology to help identify potential racial and ethnic incongruities among their datasets for both application approvals and premium rates issued by life insurers. CDOI has currently put forth a reporting date of April 1, 2024, for the 12-month period ending December 31, 2023, though the draft regulation does not currently have a proposed effective date. Further details on the proposed reporting requirements can be found in the full report  which is available for download on this page.

What’s next?

The CDOI’s AI regulation will provide specific enforceable requirements for life insurance companies using ECDIS and AI models using ECDIS in Colorado. CDOI has leveraged high-level principles, found in places like the federal regulatory guidelines, and turned them into reporting requirements for governance, documentation, and reporting. Currently, the regulations apply only to life insurance companies doing business in Colorado. This may become de facto industry leading practices and other regulators may look to implement similar requirements. Additionally, CDOI has also suggested that similar rules may be applied to other insurance lines or other AI or algorithmic uses.

With the release of final regulations, below are the steps that can help life insurance companies adhere to the regulatory requirements.

1. Mobilize a program team to understand and translate requirements for compliance with the CDOI regulation (e.g., develop an inventory of use cases, and establish  purpose and governance processes around use of ECDIS and algorithms/AI models which may use ECDIS)
   
2. Develop a holistic AI governance roadmap to address emerging AI regulations including CDOI and the use of AI/Gen AI models across the insurance business
   
3. Drive change management including enhancing employee literacy around AI governance and risk management
   

Want to know more? Let’s connect.

Get in touch