The Innovation, Cybersecurity and Technology (H) Committee of the National Association of Insurance Commissioners (NAIC) has recently released a draft model bulletin that outlines regulatory expectations for insurers’ use of artificial intelligence systems (AI Systems). The Model Bulletin aims to mitigate risks associated with AI Systems and ensure consumer protection.
The bulletin encourages insurers to implement a board-approved written AI Systems Program (AIS Program) that addresses governance, risk management controls, internal audit functions, and the use of third-party AI Systems. The goal is to prevent AI Systems from making arbitrary or capricious decisions, engaging in unfair discrimination, or violating unfair trade practice laws. The program should also address data vulnerabilities.
The Model Bulletin refers to the Principles of Artificial Intelligence (Principles) adopted by the NAIC in 2020 as a source of guidance. It emphasizes that the regulatory expectations outlined in the bulletin are rooted in existing law, including model laws on unfair practices, corporate governance, market conduct, and property and casualty ratings.
The bulletin provides guidelines for the AIS Program in terms of governance, risk management, and the use of third-party AI Systems. In terms of governance, insurers should have board approval, senior management reporting responsibilities, risk assessments, and transparency, fairness, and accountability in the decision-making processes.
Regarding risk management, the AIS Program should cover oversight and approval processes, data practices and accountability, management of algorithms and predictive models, validation and testing procedures, and protection of non-public information.
For third-party AI Systems, insurers should have standards for acquiring, using, and relying on third-party AI Systems. This includes due diligence, contractual requirements for the third party, and processes for monitoring compliance with legal standards.
The draft Model Bulletin also addresses regulatory oversight and requests for information. State regulators have the authority to request information and documentation related to insurers’ AI Systems and their compliance with the law. This includes the AIS Program, inventories of algorithms and predictive models, validation and auditing processes, and contracts with third-party vendors.
Overall, the NAIC’s draft Model Bulletin aims to provide insurers with guidance on the use of AI Systems while ensuring consumer protection and compliance with the law. These guidelines will help insurers develop effective governance and risk management practices when implementing AI technology in their operations.