Insurers Responsible for Vendors' AIs: States

In a new bulletin, regulators warn that using other firms' emerging tech is no excuse for bad behavior.

Life insurance and annuity issuers should make sure that any artificial intelligence systems they use play fair, even if outside vendors manage the AIs, according to state insurance regulators.

The regulators’ group, the National Association of Insurance Commissioners, has adopted a model bulletin that includes many provisions related to insurers’ relationships with AI system providers.

Insurers using AI “must comply with all applicable insurance laws and regulations,” the NAIC states in the new Use of Artificial Intelligence Systems by Insurers bulletin, which was approved Monday at the organization’s fall national meeting in Orlando, Florida. “This includes those laws that address unfair trade practices and unfair discrimination.”

What it means: The NAIC, a group for state insurance regulators, is one of the first entities responsible for setting the rules for machines that seem as if they have a mind of their own.

The history: Insurers were some of the first U.S. users of computers, and they have been using AI and machine-learning systems to improve data analysis and quicken processes for years.

Birny Birnbaum, a consumer advocate, has warned that, because AI systems do not necessarily show how they have reached their conclusions, they could end up discriminating based on race or violating other laws, even if the system managers and users did not intend to discriminate.

In 2019, New York state issued a letter warning insurers against letting new, automated life insurance underwriting systems discriminate. The NAIC adopted AI principles in 2020.

The NAIC’s Innovation, Cybersecurity and Technology Committee developed the new model bulletin and began posting drafts this summer.

Kathleen Birrane, the chair of the committee and the Maryland insurance commissioner, said that state regulators want to balance “the potential for innovation with the imperative to address unique risks.”

Insurers and technology groups that commented favored a looser, more flexible bulletin, and consumer groups pushed for tighter rules and more specifics.

The bulletin:  The final version of the bulletin acknowledges that insurers will rely heavily on outside AI vendors, or third parties.

An insurer should make sure that it has controls in place to ensure that any use of AI that could lead to “adverse consumer outcomes” will “meet the legal standards imposed on the insurer itself,” according to a section of the bulletin that covers use of third-party AI systems and data.

Sections of the bulletin also cover matters such as general guidelines, AI-related governance, risk management, internal controls, and regulatory oversight of insurers’ use of AI systems.

Credit: Alexander Limbach/Adobe Stock