Colorado Division of Insurance Releases New and Improved ECDIS Governance Regulation
At a Glance
- The Colorado Division of Insurance released a revised draft regulation setting forth governance and risk management framework requirements for life insurers using external consumer data and information sources.
- The revised draft takes a risk-based approach and is less onerous than the initial draft regulation.
- The revised draft regulation will be discussed at a life insurance stakeholder meeting on June 8, 2023.
On May 26, 2023, the Colorado Division of Insurance released a revised draft regulation setting forth governance and risk management framework requirements for life insurers using external consumer data and information sources (ECDIS), as well as algorithms and predictive models that use ECDIS. The draft regulation would implement SB21-169 (codified as Colo. Rev. Stat. § 10-3-1104.9) with respect to life insurers only. An initial draft of the governance regulation was released in February and was widely viewed as overly prescriptive and lacking in proportionality. The revised draft takes a risk-based approach and is less onerous, although it would still entail a significant compliance lift for many insurers.
Among other things, the revised draft would require:
- Establishment of a “risk-based” governance and risk management framework for determining whether the use of ECDIS and related algorithms and predictive models results in unfair discrimination. The framework requirement would apply to all insurance practices (as defined in the statute), but it would be limited to unfair discrimination with respect to race.
- Governing principles that provide guidance that is “well-suited for effective oversight and management.”
- A “rubric for assessing and prioritizing risks … with appropriate consideration given to consumer impact(s).”
- Oversight of the risk management framework by a life insurer’s board of directors or an appropriate board committee.
- Senior management responsibility and accountability.
- A cross-functional algorithm and predictive model governance group.
- Written policies and processes; assigned roles and responsibilities; and ongoing supervision and training for relevant personnel.
- Processes for addressing consumer complaints and inquiries.
- An up-to-date inventory of all ECDIS and related algorithms and predictive models used by the life insurer.
- A description of the testing conducted to detect unfair discrimination resulting from the use of ECDIS.
- Ongoing monitoring of the performance of algorithms and predictive models that use ECDIS.
- A documented process for selecting third-party vendors that provide ECDIS, as well as algorithms and predictive models that use ECDIS.
- Dramatically simplified documentation and reporting requirements (as compared to the initial draft of the regulation).
The revised draft regulation also adds a section addressing confidentiality and eliminates the definitions of “Disproportionately Negative Outcome” and “Traditional Underwriting Factors.” (Both terms appear in Colo. Rev. Stat. § 10-3-1104.9; they are not defined by the statute but were defined in the initial draft regulation.)
The revised draft regulation will be discussed at a life insurance stakeholder meeting on June 8. The next private passenger auto insurance stakeholder meeting will be on June 15.