Comprehensive Guide To Colorado SB21-169: Ensuring Fair AI Insurance Practices

Some Major Requirements Effective December 1st, 2024

Mandates Development Of Governance Programs

Requires Regular Reporting To The Insurance Commissioner

Penalties May Include Revocation Of The Insurer’s License

Utah AI Policy Act Compliance

AI Compliance doesn’t have to be so complicated.

Use FairNow’s AI governance platform to:

Effortlessly ensure your AI is in harmony with both current and upcoming regulations

Ensure your LLMs and GenAI are transparent, reliable, and unbiased

Stay ahead of compliance requirements before fees and fines become commonplace

FAQs About Colorado’s “Protecting Consumers from Unfair Discrimination in Insurance Practices” (SB21-169) Law

What are the core concepts of the Colorado's SB21-169?

Colorado’s “Protecting Consumers from Unfair Discrimination in Insurance Practices” (SB21-169) aims to prevent unfair discrimination in insurance practices through the use of external consumer data and information sources (ECDIS), algorithms, and predictive models.

The core concepts of this legislation are:

1. Prohibition of Unfair Discrimination: Insurers are prohibited from engaging in unfair discrimination based on protected characteristics such as race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. This ensures insurance practices do not disproportionately harm individuals based on these attributes.

2. Implementation of Governance and Risk Management Frameworks: Insurers must develop comprehensive governance programs that include policies for the usage, testing, evaluation, and oversight of ECDIS and algorithms. This framework aims to ensure transparency and accountability in managing the risk of unfair discrimination.

3. Reporting and Compliance Requirements: Insurers must regularly report their use of ECDIS and algorithms to the state’s Insurance Commissioner and demonstrate compliance with the law. This includes submitting progress and compliance reports by specified deadlines.

4. Quantitative Testing Requirements: Insurers must conduct quantitative testing to detect any unfair discrimination in their algorithms and predictive models. The Division of Insurance prescribes methods to infer race and ethnicity for testing purposes without directly collecting racial data from policyholders.

As AI quickly integrates into various aspects of life and business, the need for comprehensive frameworks to manage its use, deployment, and implications becomes increasingly critical.

FairNow is honored to play a crucial role in preparing companies for this future, ensuring they’re compliant today and ready for tomorrow’s regulatory landscapes.

What is Colorado's "Protecting Consumers from Unfair Discrimination in Insurance Practices" (SB21-169)?

SB21 169 is a legislative measure aimed at preventing unfair discrimination by insurers based on external data sources and algorithms.

The bill, signed into law in July 2021, will require insurers to develop governance programs that evaluate their external data sources and algorithms using such data for bias. Requirements will be defined separately for different classes of insurance: obligations for life insurance have been defined and are in effect, and those for private passenger auto insurance and health insurance are expected to come next.

Who does Colorado's "Protecting Consumers from Unfair Discrimination in Insurance Practices" (SB21-169) apply to?

The law applies to insurers who sell to Colorado residents and use external data sources. The law does not apply to title insurance, bonds issued by qualified surety companies, or insurers issuing commercial insurance policies (except for those issuing business owners’ policies with premiums of $10,000 per year or more).

The law defines “external data sources” as a data or an information source that is used by an insurer to supplement or supplant traditional underwriting factors or other insurance practices.

The law defines “algorithms” as a computational or machine learning process that informs human decision making.

What are the compliance requirements of SB21-169?

The law imposes several compliance requirements:

Note: The requirements will be developed for each class of insurance in a stakeholder engagement process (including insurers and consumer representatives). The requirements will lay out what is required for that class of insurance to demonstrate that its use of external data sources and algorithms using external data sources is not unfairly discriminatory.

Generally, however, insurers are subject to the following requirements:

  • Insurers are prohibited from unfair discrimination on the basis of race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
  • Insurers must declare to the state’s Insurance Commissioner what sources of external consumer data are used in their algorithms and how the data is used.
  • Insurers must develop a risk management framework to determine to what extent their external data sources and algorithms discriminate against consumers.
  • Insurers must comply with additional requirements for information if the Commissioner chooses to investigate the insurer’s use of algorithms and external data sources.

Unfair discrimination happens when similar risks are treated differently and premiums are based not on relative risk but on factors like race. For example, auto insurers can set higher rates for younger drivers than older but only if they are able to demonstrate the former group is truly higher risk.

Specific Requirements for Life Insurance Underwriting

The rules for Life Insurance Underwriting (Regulation 10-1-1) have been adopted and will go into effect November 14, 2023 and companies will have until December 1st, 2024 to build out their governance program.

In addition to the requirements listed above, life insurers using external data sources must:

  • Develop a governance program and risk management structure overseen by the board of directors that covers:
    • Policies related to the companies usage, testing, evaluation and oversight of external data sources and downstream algorithms and how the company tests for unfair discrimination
    • The development of a cross-functional governance group
    • A rubric by which risks associated with external data sources and downstream algorithms can be assessed and prioritized
    • An inventory of all external data sources and their usage, including previous versions of the data source
    • How the company assesses and vets third party data providers
    • An annual evaluation of the governance structure, making adjustments where warranted
  • Submit to the Insurance Commissioner a report stating the company’s progress in meeting these requirements by June 1st, 2024, and a report summarizing compliance with the law by December 1st, 2024.
  • Conduct quantitative testing for unfair discrimination of their algorithms according to requirements defined by the state. (Note: These requirements are currently being drafted and have not yet been finalized.)

Given that none of the above requirements specifically relate to life insurance, it’s possible that the requirements for other insurance classes will be similar.

What are the non-compliance penalties of Colorado's SB21-169?

Failure to comply with this regulation can result in penalties, including the imposition of civil penalties, issuance of cease and desist orders, and/or suspensions or revocations of the insurer’s license.

What is the status of the "Protecting Consumers from Unfair Discrimination in Insurance Practices" law in Colorado?

The bill was signed in July 2021. Requirements will be rolled out for all different classes of insurance as they are defined and approved.

The requirements for Life Insurance Underwriting have been adopted; companies are expected to have submitted a progress update to the state Division of Insurance by June 1st, 2024 and will be required to demonstrate compliance of their governance program by December 1st, 2024. 

Colorado is currently working to define requirements for private passenger auto insurance and has started stakeholder meetings regarding health insurance.

How can companies best ensure compliance with SB21-169?

We’re so glad you asked! Here are five practical steps insurance companies are taking to ensure compliance with SB21-169:

1. Inventory Data Sources and Assess Risk: Compile a detailed inventory of all external consumer data sources (ECDIS) and algorithms in use. Assess the associated risks to ensure they do not result in unfair discrimination based on protected characteristics such as race, gender, and ethnicity.

2. Invest in AI Governance Tools (like FairNow!): Utilize tools that support compliance with SB21-169, helping manage and oversee the effective use of ECDIS and algorithms within regulatory requirements. These tools should help document usage, test for biases, and maintain transparency.

3. Automate Audits and Compliance Checks: Implement automated systems to regularly audit and check compliance with SB21-169. This will help maintain transparency, ensure consistent compliance, and quickly identify and correct any discriminatory practices.

4. Conduct Quantitative Testing for Discrimination: Conduct quantitative testing of your algorithms to detect and mitigate any unfair discrimination. Use prescribed methods, such as Bayesian Improved First Name Surname Geocoding (BIFSG), to infer race and ethnicity without directly collecting sensitive data.

5. Engage in Continuous Learning and Adaptation: Stay informed about legislative changes and industry standards related to AI and insurance. Participate in voluntary programs and stakeholder engagements to adapt to new requirements and best practices.

Staying informed and engaged will be key to achieving compliance with Colorado SB21-169.


How FairNow Can Help
FairNow simplifies compliance, helping insurers implement robust governance and risk management frameworks. Our platform ensures transparency, reliability, and unbiased AI usage, keeping your organization ahead of compliance requirements.

Get Expert Help With AI Governance

Schedule a free consultation with our AI governance experts today.