“Artificial intelligence systems” (“AIS”) and “external consumer data and information sources” (“ECDIS”) can help insurers and companies, New York State regulators concede, but the technologies better not hurt “protected classes” or “perpetuate or amplify systemic biases that have resulted in unlawful or unfair discrimination,” warns the state in new regulatory guidance. Given the complexity of these technologies and the vagueness of the new cyber insurance regulations, insurance industry technologists, lawyers and boards are sure to face complex challenges implementing new solutions in the Empire State.
“‘New York has a strong track record of supporting responsible innovation while protecting consumers from financial harm,’ said Superintendent (Adrienne A.) Harris. ‘Today’s guidance builds on that legacy, ensuring that the implementation of AI in insurance does not perpetuate or amplify systemic biases that have resulted in unlawful or unfair discrimination, while safeguarding the stability of the marketplace,’” explains the press release from the Department of Financial Services (“DFS”).
“Unfair and Unlawful Discrimination”
DFS now requires insurers to: “analyze ECDIS and AIS for unfair and unlawful discrimination, as defined in state and federal laws; demonstrate the actuarial validity of ECDIS and AIS; maintain a corporate governance framework that provides appropriate oversight of the insurer’s overall outcome of the use of ECDIS and AIS; and maintain appropriate transparency, risk management, and internal controls, including over third-party vendors and consumer disclosures.”
The cyber insurance regulation action impacts all insurers, but we bet its implementation will be especially complicated for cyber insurers, given constant underwriting, actuarial and mitigation challenges posed by fast-moving threats and security technology. Insurers are no doubt poring over the fine print in the guidance, in part because it emphasizes that “both senior management and the board have a responsibility for the overall outcomes of the use of ECDIS and AIS.”
Other News: New York State Mulls Groundbreaking Cybersecurity Regulations for Hospitals(Opens in a new browser tab).
Other News: Cyber and data privacy insurance trends in an era of increased regulation.