Colorado: Governance Requirements for use of External Consumer Data, Algorithms, and Predictive Models in Life Insurance

Allison Ott, Consultant (author), Stefanie Porta, Senior Consultant (contributor), and Islay Thompson, Junior Content Writer (contributor)

August 14th 2023

As the adoption of Artificial Intelligence (AI) and big data continues to evolve, Insurance Departments are increasingly concerned about the way insurers leverage external consumer data, information sources (ECDIS), models, and algorithms for rate development. The primary issue at hand pertains to the potential for unfair discrimination. In accordance with statutory mandates in all states, regulators must diligently assess whether a particular model exhibits any signs of unjust discriminatory practices.

In 2021, Colorado passed Senate Bill 21-169 with the objective of prohibiting unfair discrimination resulting from insurers’ use of ECDIS, algorithms, and predictive modeling. However, the bill’s wording was somewhat ambiguous, leading to confusion among insurers about the precise requirements and compliance measures. In response to this, the Colorado Department of Regulatory Agencies introduced CCR 702-4 in early 2023—a proposed draft that offers explicit guidelines to ensure transparency and mitigate discriminatory practices within this domain.

Signed on July 6th, 2021, Colorado Senate Bill 21-169 (codified as Colo. Rev. Stat. § 10-3-1104.9) zeroes in on life insurers, explicitly prohibiting life insurers from utilizing any ECDIS, algorithm, or predictive model that results in unfair discrimination based on, “a person’s race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression” (SB 21-169). The scope of this prohibition extends to data sources and information used by insurers to supplement or replace traditional underwriting factors, such as credit scores, social media habits, purchasing patterns, homeownership, educational achievements, court records, or other factors that lack a direct correlation to mortality, morbidity, or longevity risks. The legislation notes that although these tools may simplify and expedite specific insurance practices, “the accuracy and reliability of external consumer data and information sources can vary greatly, and some algorithms and models may lack a sufficient rationale for use in insurance practices” (SB 21-169).

The Colorado Division of Regulatory Agencies has released a revised version of the DRAFT PROPOSED Algorithm and Predictive Model Governance Regulation (Version 5/26/23), which is an improvement to the 2021 legislation. It places an emphasis on establishing a governance framework with annual reporting requirements.  The previous legislation placed a stronger emphasis on reporting requirements, requiring detailed reporting to the Division of Insurance, outlining thorough details about their use of AI and predictive modeling inventory. The DRAFT PROPOSED removes the requirements for details in the reporting and replaces it with annual certifications of the governance framework. The insurance company is required to establish an internal governance structure with frequent monitoring.  It must also describe any changes made to a risk framework and the impact these changes have on the utilization of external data and algorithmic models. Subsequently, carriers are mandated to identify any risks associated with the use of these models and present the steps taken to mitigate those risks effectively.

Insurance companies must also maintain an active and detailed inventory of all external data, algorithms, and predictive models actively in use. This inventory can be subject to annual review, with any changes diligently tracked and managed. Furthermore, insurers must maintain comprehensive documentation on how they use external data, including the testing conducted to detect any instances of unfair discrimination in their insurance practices resulting from the use of such data, algorithms, and predictive models. The documentation must include a clear explanation of the methodology employed, the assumptions made during the process, the results obtained, and any measures taken to address any negative outcomes. These stringent requirements aim to promote fairness, consumer protection, and accountability within the insurance industry, ensuring that ECDIS and predictive modeling are used responsibly and without perpetuating discriminatory practices.

The draft regulation 3 CCR 702-4 is currently open for public comments and feedback. For those interested, the following website provides a link to monitor the ongoing activities and participate in meetings: SB21-169 – Protecting Consumers from Unfair Discrimination in Insurance Practices | DORA Division of Insurance (

Draft regulation 3 CCR 702-4 marks a significant milestone as it stands as one of the pioneering regulations, particularly in the realm of life insurance. It is anticipated that other states may follow suit, adopting similar legislation and extending its scope to cover other lines of business. In an era defined by technological advancements and an ever-expanding AI-driven industry, the officials in Colorado have taken proactive steps to establish the regulatory framework, setting the tone for the evolving landscape of insurance practices. As the industry continues to embrace AI and big data, such regulations become essential in safeguarding consumers’ interests and ensuring fair and transparent practices throughout the insurance sector.

While these regulations are substantial, Davies can help insurers understand the revisions necessary in order to stay compliant. Our regulatory compliance specialists are ready to help you modify existing or new processes and policy language.

To learn more about our product development and compliance services, please visit

2021a_169_signed.pdf (

SB21-169 – Protecting Consumers from Unfair Discrimination in Insurance Practices | DORA Division of Insurance (

DRAFT Proposed Algorithm and Predictive Model Governance Regulation – Version 5.26.23 – clean.pdf – Google Drive

    Keep up to date with Davies