This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
List Professionals Alphabetically
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z View All
Search Professionals
Site Search Submit
| 3 minute read

NYDFS Releases Circular Letter on the Use of AI and Data in Insurance Underwriting and Pricing

On July 11, 2024, the New York Department of Financial Services (NYDFS) issued Circular No. 7 Re: Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing (Circular Letter).  The Circular Letter emerged from the initial draft circular letter issued on January 17, 2024, by NYDFS (Draft Circular Letter).  The Circular Letter sets forth NYDFS’s guidelines for insurers authorized to write insurance in New York that use artificial intelligence systems (AIS) and external consumer data and information sources (ECDIS) for underwriting and pricing insurance policies and annuity contracts.

Scope and Applicability

The Circular Letter applies to all insurers authorized to write insurance in New York that use ECDIS and AIS in underwriting or pricing insurance. The Circular Letter does not address activities related to insurance marketing and claims adjusting. The Circular Letter also does not apply to Child Health Plus, Essential Plan and Medicaid managed care coverage.

Outlined below are some key provisions under the Circular Letter:

Fairness Principles

The Circular Letter provides “fairness principles” to be applied when using ECDIS or AIS, including:

  • Proxy Assessment: Insurers should demonstrate that ECDIS does not serve as a proxy for protected classes in a way that is prohibited by law.  Insurers should evaluate the extent to which ECDIS are correlated with (i.e., a proxy for) status in a protected class that may result in unfair discrimination. 
  • Unfair and Unlawful Discrimination: Insurers should only use ECDIS or AIS that can establish through a comprehensive assessment that the underwriting or pricing guidelines are not unfairly or unlawfully discriminatory in violation of New York Insurance Law.  The Circular Letter clarifies that: (1) this assessment should be conducted for any protected class where membership in such protected class either may be determined using data available to the insurer or may be reasonably inferred using accepted statistical methodologies; (2) there is an assessment as to whether there is a legitimate, lawful, and fair explanation or rationale for the differential effect on similarly situated Insureds; and (3) conducting and appropriately documenting a search and analysis for a less discriminatory alternative variable(s) or methodology that would reasonably meet the insurer’s legitimate business needs.

Analyzing for Unfair and Unlawful Discrimination

  • Documentation: The Circular Letter provides Insurers should document the processes and reasoning behind their testing methodologies and analysis for unfair discrimination. 
  • Testing: Testing should be administered prior to putting AIS into production and on a regular cadence thereafter, and whenever material updates or changes are made to either ECDIS or AIS. Testing should include quantitative and qualitative assessments. 

Governance and Risk Management

Requires an Insurer to have a corporate governance framework that is appropriate for the nature, scale and complexity of the Insurer.  Furthermore, an Insurer should have a corporate governance framework that provides appropriate oversight of the Insurer’s use of ECDIS and AIS to ensure compliance with the Insurance Law and regulations promulgated thereunder. This includes:

  • Board and Senior Management Oversight: The ultimate oversight responsibility of ECDIS and AIS use rests with the insurer’s board of directors (the Board or equivalent governing body).  Senior management is responsible for the day-to-day implementation and management of ECDIS and AIS. Both senior management and the Board have a responsibility for the overall outcomes of the use of ECDIS and AIS. 
  • Risk Management and Internal Controls: Insurers should manage relevant risks and formulate standards at each stage of the AIS life cycle. Insurers may choose to manage the risks of AIS within an existing enterprise risk management function. Insurers should have competent and qualified personnel to execute and oversee AIS risk management with clearly defined roles and responsibilities, and appropriate means of accountability.
  • Third-Party Vendors: The Circular Letter outlines that Insurers should conduct appropriate oversight over third-party vendors. Insurers should perform appropriate due diligence and oversight relative to the risks of the ECDIS or AIS used by third-party vendors. Insurers are ultimately responsible for the outcomes of that use.

Transparency

Insurers must provide specific reasons and explanations to Insureds or potential Insureds when they provide an adverse decision, which must be based on sound actuarial principles. In the event of a declination, limitation, rate differential, or other adverse underwriting decision the reason or reasons provided to the Insured or potential Insured, or a medical professional designee, the Insurer should include details about all information upon which the Insurer based any declination, limitation, rate differential, or other adverse underwriting decision, including the source of the specific information upon which the insurer based its adverse underwriting or pricing decision. 

An Insurer may not rely on the proprietary nature of a third-party vendor’s algorithmic processes to justify the lack of specificity related to an adverse underwriting or pricing action.

 

Tags

intellectual property, privacy data and cybersecurity