What is the Colorado AI Insurance Law? A Detailed Guide to Colorado’s SB21-169
Some Major Requirements Effective December 1st, 2024
Mandates Development of Governance Programs
Requires Regular Reporting to the Insurance Commissioner
Penalties May Include Revocation of the Insurer’s License
High-Level Summary
Colorado’s “Protecting Consumers from Unfair Discrimination in Insurance Practices” (SB21-169) aims to prevent unfair discrimination in insurance practices through the use of external consumer data and information sources (ECDIS), algorithms, and predictive models.
The core concepts of this legislation are:
1. Prohibition of Unfair Discrimination: Insurers are prohibited from engaging in unfair discrimination based on protected characteristics such as race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. This ensures insurance practices do not disproportionately harm individuals based on these attributes.
2. Implementation of Governance and Risk Management Frameworks: Insurers must develop comprehensive governance programs that include policies for the usage, testing, evaluation, and oversight of ECDIS and algorithms. This framework aims to ensure transparency and accountability in managing the risk of unfair discrimination.
3. Reporting and Compliance Requirements: Insurers must regularly report their use of ECDIS and algorithms to the state’s Insurance Commissioner and demonstrate compliance with the law. This includes submitting progress and compliance reports by specified deadlines.
4. Quantitative Testing Requirements: Insurers must conduct quantitative testing to detect any unfair discrimination in their algorithms and predictive models. The Division of Insurance prescribes methods to infer race and ethnicity for testing purposes without directly collecting racial data from policyholders.
As AI quickly integrates into various aspects of life and business, the need for comprehensive frameworks to manage its use, deployment, and implications becomes increasingly critical.
FairNow is honored to play a crucial role in preparing companies for this future, ensuring they’re compliant today and ready for tomorrow’s regulatory landscapes.
Colorado SB21-169 Scope
The law applies to insurers who sell to Colorado residents and use external data sources. The law does not apply to title insurance, bonds issued by qualified surety companies, or insurers issuing commercial insurance policies (except for those issuing business owners’ policies with premiums of $10,000 per year or more).
The law defines “external data sources” as a data or an information source that is used by an insurer to supplement or supplant traditional underwriting factors or other insurance practices.
The law defines “algorithms” as a computational or machine learning process that informs human decision making.
Compliance Requirements of SB21-169
The law imposes several compliance requirements:
Note: The requirements will be developed for each class of insurance in a stakeholder engagement process (including insurers and consumer representatives). The requirements will lay out what is required for that class of insurance to demonstrate that its use of external data sources and algorithms using external data sources is not unfairly discriminatory.
Generally, however, insurers are subject to the following requirements:
- Insurers are prohibited from unfair discrimination on the basis of race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
- Insurers must declare to the state’s Insurance Commissioner what sources of external consumer data are used in their algorithms and how the data is used.
- Insurers must develop a risk management framework to determine to what extent their external data sources and algorithms discriminate against consumers.
- Insurers must comply with additional requirements for information if the Commissioner chooses to investigate the insurer’s use of algorithms and external data sources.
Unfair discrimination happens when similar risks are treated differently and premiums are based not on relative risk but on factors like race.
For example, auto insurers can set higher rates for younger drivers than for older drivers, but only if they are able to demonstrate that the former group is truly higher risk.
Specific Requirements for Life Insurance Underwriting
The rules for Life Insurance Underwriting (Regulation 10-1-1) have been adopted and will go into effect November 14, 2023, and companies will have until December 1st, 2024 to build out their governance program.
In addition to the requirements listed above, life insurers using external data sources must:
1) Develop a governance program and risk management structure overseen by the board of directors that covers:
- Policies related to the company's usage, testing, evaluation, and oversight of external data sources and downstream algorithms, and how the company tests for unfair discrimination
- The development of a cross-functional governance group
- A rubric by which risks associated with external data sources and downstream algorithms can be assessed and prioritized
- An inventory of all external data sources and their usage, including previous versions of the data source
- How the company assesses and vets third party data providers
- An annual evaluation of the governance structure, making adjustments where warranted
2) Submit to the Insurance Commissioner a report stating the company’s progress in meeting these requirements by June 1st, 2024, and a report summarizing compliance with the law by December 1st, 2024.
3) Conduct quantitative testing for unfair discrimination of their algorithms according to requirements defined by the state. (Note: These requirements are currently being drafted and have not yet been finalized.)
Given that none of the above requirements specifically relate to life insurance, the requirements for other insurance classes may be similar.
Non-Compliance Penalties
Failure to comply with this regulation can result in penalties, including the imposition of civil penalties, issuance of cease and desist orders, and/or suspensions or revocations of the insurer’s license.
Status
The bill was signed in July 2021. Requirements will be rolled out for all different classes of insurance as they are defined and approved.
The requirements for Life Insurance Underwriting have been adopted; companies are expected to have submitted a progress update to the state Division of Insurance by June 1st, 2024 and will be required to demonstrate compliance of their governance program by December 1st, 2024.
Colorado is currently working to define requirements for private passenger auto insurance and has started stakeholder meetings regarding health insurance.
How Can Companies Ensure Compliance with SB21-169?
Drawing from our work in AI governance and compliance, we’ve observed how leading insurance companies are adapting to SB21-169.
Here are five practical steps many are taking to ensure compliance:
1. Inventory Data Sources and Assess Risk: Compile a detailed inventory of all external consumer data sources (ECDIS) and algorithms in use. Assess the associated risks to ensure they do not result in unfair discrimination based on protected characteristics such as race, gender, and ethnicity.
2. Invest in AI Governance Tools (like FairNow!): Utilize tools that support compliance with SB21-169, helping manage and oversee the effective use of ECDIS and algorithms within regulatory requirements. These tools should help document usage, test for biases, and maintain transparency.
3. Automate Audits and Compliance Checks: Implement automated systems to regularly audit and check compliance with SB21-169. This will help maintain transparency, ensure consistent compliance, and quickly identify and correct any discriminatory practices.
4. Conduct Quantitative Testing for Discrimination: Conduct quantitative testing of your algorithms to detect and mitigate any unfair discrimination. Use prescribed methods, such as Bayesian Improved First Name Surname Geocoding (BIFSG), to infer race and ethnicity without directly collecting sensitive data.
5. Engage in Continuous Learning and Adaptation: Stay informed about legislative changes and industry standards related to AI and insurance. Participate in voluntary programs and stakeholder engagements to adapt to new requirements and best practices.
Staying informed and engaged will be key to achieving compliance with Colorado SB21-169.
How FairNow’s AI Governance Platform Helps
FairNow was built by professionals with extensive experience in highly regulated industries such as HR, insurance, and financial services. Our platform simplifies compliance for insurers, ensuring transparency, reliability, and unbiased AI usage.
FairNow’s AI Governance Platform enables insurance companies to:
- Streamline compliance and reduce reporting time
- Maintain a centralized AI inventory with ongoing risk assessments
- Implement human oversight and clear accountability structures
- Enforce robust policies with continuous testing and monitoring
- Effectively track regulations and document compliance efforts
Our team’s deep industry knowledge is embedded in every aspect of the platform, providing you with a robust solution that understands the unique challenges of AI risk management in insurance.