Skip to Content

Colorado DOI Summer Reading for Life Insurers

On May 26 — just ahead of the Memorial Day weekend — the Colorado Division of Insurance (DOI) issued for public comment a second draft of its proposed “Governance and Risk Management Framework Requirements for Life Insurance Carriers’ Use of External Consumer Data and Information Sources, Algorithms, and Predictive Models.” The second draft is part of the DOI’s directive under Senate Bill 21-169 to adopt rules by which an insurer may demonstrate that it has tested its use of external consumer data and information sources, algorithms, and predictive data to ensure that it is not unfairly discriminating against consumers on the basis of a protected class.

The DOI held a call with stakeholders on June 8 to discuss the changes reflected in the second draft, receive stakeholders’ preliminary comments, and hear about the DOI’s proposed next steps.

Changes Reflected in the Second Draft

  1. Definitions

    The second draft deleted two definitions and revised another.

    Notably, the definitions of “disproportionately negative outcome” and “traditional underwriting factors” were deleted. However, the DOI made clear that those terms have merely been placed in the shade for the time being and would reappear in the life underwriting testing rule.

    The “external consumer data and information source” definition was updated:

    1. By adding back “or other insurance practices” to clarify that the second draft applies to all practices, not just underwriting practices.
    2. By adding back “location” as it was inadvertently deleted.
    3. By including “consumer-generated Internet of Things data.” The DOI made this addition based on a comment and recognition that there are many devices that collect data on consumers’ daily activities, which could be used by insurers for a variety of insurance practices.
  2. Governance and Risk Management Framework

    The second draft includes a number of changes to the proposed rule’s governance and risk management framework provisions. In particular, the second draft:

    1. Permits insurers to use a risk-based approach for their frameworks.
    2. Focuses on whether the use of external consumer data and information sources, algorithms, and predictive models results in unfair discrimination “with respect to race.” While acknowledging that the focus on race is due to the limitations in addressing the other protected classes set forth in SB 21-169, the DOI said that it is still considering whether the rule should be so limited.
    3. Incorporates documentation into the required governance and risk management framework components. With this change, the second draft eliminates the comprehensive documentation requirements contained in the earlier draft. Nevertheless, the second draft continues to require:
      • A detailed description of all utilized external consumer data and information sources, and algorithms and predictive models that use external consumer data and information sources, as well as material changes and monitoring of the foregoing. While the second draft does not set forth what would be sufficient for the detailed description, the list of required documentation from the earlier draft may be reflective of what the DOI would expect.
      • Testing to detect unfair discrimination in insurance practices resulting from the use of external consumer data and information sources. Notably, the second draft removes one thorn by requiring the insurer to take steps to address "unfairly discriminatory outcomes” rather than "disproportionate negative outcomes” as required by the earlier draft.
      • A process for selecting third-party vendors.

Also eliminated from the second draft is the requirement to document all decisions made regarding the use of external consumer data and information sources, algorithms, and predictive models.

  1. Reporting Requirements

    While the second draft maintains the six-month and yearly reporting requirements for life insurers currently using external consumer data and information sources, algorithms, and predictive models, it simplifies the reports by requiring only a “summary” narrative report of their progress toward complying, and thereafter of their compliance, with the rule’s governance and risk management framework. The annual report must be signed by an officer attesting to compliance with the rule or, if no attestation is provided, a corrective action plan.

  2. Confidentiality

    In response to numerous comments, the second draft makes clear that documents or materials provided to the DOI will be subject to the confidentiality provisions of SB 21-169.

Next Steps

The DOI announced a June 23 deadline for written comments. It appears that the DOI will seek to notice a draft rule to begin the formal rulemaking process so that the rule becomes effective sometime in 2023, as reflected in section 10 of the second draft.

The DOI also announced a goal of releasing the life underwriting testing rule by the end of June. If true, life insurers may spend another holiday reading draft proposed rules from the DOI. Hopefully, the draft testing rules won’t result in any fireworks over the July Fourth weekend.




©2024 Carlton Fields, P.A. Carlton Fields practices law in California through Carlton Fields, LLP. Carlton Fields publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information and educational purposes only, and should not be relied on as if it were advice about a particular fact situation. The distribution of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship with Carlton Fields. This publication may not be quoted or referred to in any other publication or proceeding without the prior written consent of the firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our Contact Us form via the link below. The views set forth herein are the personal views of the author and do not necessarily reflect those of the firm. This site may contain hypertext links to information created and maintained by other entities. Carlton Fields does not control or guarantee the accuracy or completeness of this outside information, nor is the inclusion of a link to be intended as an endorsement of those outside sites.


The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.