In July 2024 an industry guidance issued by the New York Department of Financial Services contains useful guidance (although not always directly related to our own Constitutional values) regarding the use of Artificial Intelligence Systems that External Consumer Data and Information Sources in insurance underwriting and pricing.  The guidance arises from its commitment to innovation and the responsible use of technology to improve financial access and contribute to the safety and stability of insurance markets. Besides all the useful guidance in the document, the analysis includes steps that insurers are expected to take when making a comprehensive assessment of whether an underwriting or pricing guideline derived from AIS or ECDIS unfairly discriminates between similarly situated individuals or against a protected class. The steps include:

(1)        Step one: Assessing whether the use of AIS or ECDIS produces disproportionate adverse effects in underwriting or pricing for similarly situated insureds or insureds of a protected class. The assessment should be conducted for any protected class where membership of such protected class either may be determined using data available to the insurer or may be reasonably inferred using accepted statistical methodologies. If there is a prima facie showing of such a disproportionate adverse effect, the insurer should continue to Step two;

(2)        Step-two: Assessing whether there is a legitimate, lawful, and fair explanation or rationale for the differential effect on similarly situated insureds. If there is no such rationale the insurer should modify its use of such AIS or ECDIS and it go back to Step-one. If there is a legitimate explanation or rationale, insurers should proceed to Step-three;

(3)        Step-three: Insurers must conduct and appropriately document a search and analysis for less discriminatory alternative variables or methodology that would reasonably meet the insurers legitimate business needs. If a less discriminatory alternative exists the insurer should modify its use of AIS or ECDIS accordingly and continue to evaluate the modified use. If no less discriminatory alternative exists the insurer should conduct ongoing model risk management consistent with the guidance by the Authorities and repeat Step-three at least annually.

Governance and risk management requirements include board and senior management oversight, formalised policies, procedures and documentation, risk management and internal controls including audit functions; and appropriate oversight of third party vendors.

The industry guidance is worth reading.

https://www.dfs.ny.gov/industry-guidance/circular-letters/cl2024-07