The comments by regulators during the NAIC Artificial Intelligence (EX) Working Group (AI WG) calls provide insight into regulators' views on insurers' use of artificial intelligence and may foretell areas for future regulation. The AI WG is drafting "Principles on Artificial Intelligence" that define "AI actors" who are subject to the following five principles:
- Fair and Ethical
- Accountable
- Compliant
- Transparent
- Secure, Safe, and Robust
The principles are to be used by other NAIC committees, task forces, and/or working groups as they gaze into the issues related to AI in their respective areas.
Below summarizes some of the key discussions from the February 4 and February 19 calls, reflects on how those discussions are consistent with statements of the International Association of Insurance Supervisors (IAIS), and are consistent with other countries' positions on AI-related issues.
AI Actors
Commissioner Jon Godfread explained that the term “AI actors” should be "broad but related to the business of insurance" and "broad to ensure that no one is left out that is participating [and that regulators expect] to consider these principles." Reflecting this broad applicability, the draft principles exposed after the February 19 call modified the term AI actors to include "third parties such as rating and advisory organizations." This change comports with consumer advocates' comments during the Accelerated Underwriting Working Group that third parties that provide algorithms to insurers for pricing and marketing should be regulated.
Accountable
AI WG members discussed that AI actors should be accountable:
- For compliance with existing laws – While some regulators questioned whether existing laws are adequate, Commissioner Godfread countered that regulators do not have the ability to "go beyond the existing laws," to the relief of commentators who sought confirmation that the principles are not intended to create a higher burden for AI.
- For data supporting of outcomes – AI WG members discussed the need for AI actors to be able to produce the "[d]ata supporting the final outcome of an AI application" to "address data privacy concerns and establish the expectation that the industry be able to readily produce the data that they are using."
- For the unintended impact of AI – While a commentator suggested changing the language to "even if certain impacts are not foreseen," none of the AI WG members spoke in favor of such change.
- To stakeholders – AI WG members discussed the need for regulators and consumers to inquire about, review, or seek recourse for AI-driven insurance decisions. This means that the information AI actors provide should be easy to understand, and AI actors must be able to describe the factors that resulted in the decision.
Compliant
Commissioner Godfread illuminated that the intent of the compliance principle is to place a burden on AI actors who are working in the insurance space to have "knowledge and resources in place to ensure compliance." One AI WG member recounted discussions with third parties whose lack of clairvoyance indicated that they had not considered whether their activities ran afoul of state law. Ultimately, Commissioner Godfread noted that the "buck will stop with the insurer." Moreover, the principles require compliance whether "the violation is intentional or unintentional." This approach follows the IAIS' recommendations that supervisors consider "the appropriateness of requiring insurers to extend their policies and procedures on the use of [big data analytics] to third-party providers." The approach is also similar to other countries that place the burden on the firm that uses the AI.
Transparent
While all AI WG members and commentators agreed that AI actors must be transparent, commentators were concerned that the principle of transparency would require robust disclosure that would be more detailed than a consumer would want or could understand. AI WG members stressed that the manner in which AI reaches its conclusions must be transparent to regulators, and AI actors must "proactive[ly] disclose ... the kind of data being used, the purpose of the data in the AI systems and consequences for all stakeholders." Notably, other countries agree that insurers must be transparent about how and why they are using data. At least one also requires insurers to disclose what the possible consequences could be for the customer.
Secure, Safe, and Robust
AI WG members discussed that AI should be:
- Secure and safe in normal use, reasonably foreseeable use, or adverse conditions – AI WG members discussed that the principles should include that AI should be protected from hackers.
- Reasonably traceable – While commentators asserted that "traceability" was "transparency,” AI WG members disagreed and stated that traceability is needed to ensure that every step of the process is captured as opposed to merely the outcome. The approach by the AI WG is consistent with the AI ethics guidelines promulgated by the European Union.
Following the February 19 call, the AI WG posted the third draft of the principles for comment. The goal of the AI WG has been to adopt the principles at the Summer National Meeting.
* With assistance from Facundo Scialpi, a student at the University of Miami School of Law.