The New York Department of Financial Services has issued a circular letter setting expectations that any insurer using artificial intelligence systems must be able to establish those systems do not use data that could produce discriminatory outcomes.
The circular letter outlines the DFS’ expectations for how insurers develop and manage the integration of external consumer data and information sources, artificial intelligence systems and other predictive models to mitigate potential harm to consumers, it said in a statement.
Insurers are expected to analyze ECDIS and AIS for unfair and unlawful discrimination; demonstrate the actuarial validity of ECDIS and AIS; maintain a corporate governance framework that provides appropriate oversight; and maintain appropriate transparency, risk management and internal controls, it said.
“Technological advances that allow for greater efficiency in underwriting and pricing should never come at the expense of consumer protection,” DFS Superintendent Adrienne Harris said in a statement. “DFS has a responsibility to ensure that the use of AI in insurance will be conducted in a way that does not replicate or expand existing systemic biases that have historically led to unlawful or unfair discrimination.”
When using ECDIS or AIS, insurers are responsible for complying with anti-discrimination laws whether they are collecting data and directly underwriting consumers, or relying on ECDIS or AIS of external vendors, the circular letter said.
Insurers may not use ECDIS or AIS to use information that would otherwise be prohibited from using directly, it said.
Further, insurers would not be allowed to rely solely on a vendor’s claim of non-discrimination or a proprietary third-party process to determine compliance with anti-discrimination laws.
“The responsibility to comply with anti-discrimination laws remains with the insurer at all times,” it said.
Insurers would also be required to keep records of its processes for testing for discrimination and should conduct tests regularly and as methods and inputs change, it said. They should use qualitative and quantitative measurements, including multiple statistical metrics evaluating data and model outputs to ensure they have a comprehensive assessment, it said.
The circular letter makes it clear senior management will be responsible for day-to-day implementation of the development and management of ECDIS and AIS.
“This includes establishing adequate policies and procedures, assigning competent staff, overseeing model risk management, ensuring effective challenge and independent risk assessment, reviewing internal audit findings, and taking prompt remedial action when necessary,” it said.
It outlines expectations for the role of the board of directors and other governance issues. It also sets outlines transparency rules, including providing an explanation for any adverse decisions for a policyholder or an application for coverage where the insurer used AIS and ECDIS.
The DFS said it will accept comment from all interested parties through March 17.
The National Association of Insurance Commissioners Executive Committee and plenary approved a model bulletin on the use of algorithms, predictive models and artificial intelligence by insurers that includes the word “bias,” which trade groups said does not meet the legal standard used by the industry.