Re: Comments on NAIC Model Bulletin on Use of Algorithms, Predictive Models, and Artificial Intelligence Systems by Insurers
Dear Chair Birrane and Co-Vice Chairs Conway and Ommen:
The U.S. Chamber of Commerce (“Chamber”) appreciates the opportunity to provide comments on the NAIC Model Bulletin on “Use of Algorithms, Predictive Models, and Artificial Intelligence Systems by Insurers.[1]” The Chamber represents industries from all sectors, including the insurance and financial sectors. As such, the Chamber has concerns about the proposed model bulletin in its current form.
Artificial intelligence is poised to transform our world, and it will help us solve problems and work more efficiently. It’s assisting scientists in developing vaccines and treating patients more effectively, securing our nation’s networks and critical infrastructure against cyberattacks, alerting customers of bank fraud and expanding financial opportunities for underserved communities through access to credit, and much more. However, to meet this moment, we must all work together to address potential concerns while witnessing the outstanding benefits of the technology. For this reason, the Chamber is providing the following high-level comments on the model bulletin.
The Chamber appreciates the model bulletin’s understanding that insurers already “must comply with all applicable laws and regulations[2].” The Chamber agrees that enforcement of existing laws is paramount; our independent AI commission recently found, “Appropriate enforcement of existing laws and regulations provides regulatory certainty and guidance to stakeholders[3].”
Furthermore, we appreciate the NAIC’s acknowledgment of the National Institutes of Standards and Technology (NIST) work regarding Artificial Intelligence. The Chamber has long supported NIST’s work, including their recently published AI Risk Management Framework. The Chamber strongly supported the NIST AI Risk Management Framework’s “open and iterative process…and the Framework represents a promising collaborative risk management model.[4]” The Chamber supports an interactive process such as the soon-to-be-developed NIST profiles, which “illustrate and offer insights into how risk can be managed at various stages of the AI lifecycle or in specific sector, technology, or end-use applications. AI RMF profiles assist organizations in deciding how they might best manage AI risk that is well-aligned with their goals, considers legal/regulatory requirements and best practices, and reflects risk management priorities.[5]”
The following are areas in which the Chamber would like to highlight our concerns with the NAIC’s Model Bulletin:
The term “bias” is not based in existing insurance law or regulation.
As noted above, the stated purpose of the bulletin is to remind insurers that decisions made or supported by artificial intelligence systems must comply with existing laws and regulations. State laws and regulations governing insurance do not mention the term “bias.” The insertion of this term into the bulletin is not only counter to the bulletin’s stated purpose, but also counter to established legal constructs. It is critical that each reference to “bias” is removed. The bulletin rightfully references various laws that do govern insurers’ use of artificial intelligence, including state Unfair Claims Practices Act provisions and requirements that insurance rates are not “unfairly discriminatory.”
Terminology & Definitions:
The Chamber has strongly advocated the need for appropriate harmonization around terminology and definitions regarding Artificial Intelligence. For this reason, we believe that terms and definitions used within the bulletin must be precise, consistent, and aligned with definitions already in law.
Board Adopted:
The Chamber fully believes that good AI governance comes from an entire organization participating in these critical discussions and each person within an organization understanding their essential roles within the AI life cycle. We agree that the board should have knowledge of their organization's written program for the use of AI Systems (program) and receive reports. However, development and implementation should be delegated to senior management. We suggest clarifying that the board does not necessarily need to write the program.
Needed Clarity:
The Chamber believes the following areas need further clarity within the model bulletin so that stakeholders can understand the practicality of the bulletin if it is to be put into practice.
- Section 1.4: States that a Program must be “proportionate with the Insurer’s use and reliance on AI and AI Systems.” We believe that such a Program should be proportionate to risk, rather than use. We suggest changing the wording to “appropriate for the insurer’s uses.” or “proportionate to the risk of such systems”.
- Sections 1.5 and 1.6: As written, appear to be redundant. These should be combined, or differences clarified.
- Section 2.4.F: Requires “the independence of decision-makers and lines of defense at successive stages of the AI System life cycle.” Clarifying what determines independence is essential to ensure compliance with this requirement.
- Section 3: On page 4, paragraph 2, the phrase “complex and often opaque predictive models” is used. We believe the “often opaque” wording is not appropriate and implies that the models are not explainable and/or assessments are not possible. Difficulties in assessments are acknowledged in the paragraph below and should be adequate. We suggest removing “often opaque”.
- Section 3.3: refers to “measurements,” but not all items listed are amenable to quantitative measures. For this reason, we would suggest using the term “assessments” instead.
- Section 4.2:requires the inclusion of specific terms in insurers' contracts with third-parties, many of which may not be palatable to third-party service providers. The requirement in 4.2(d), requiring third-parties to subject themselves to the jurisdiction of insurance regulators would be particularly difficult.
- Section 4.2C and D: We suggest combining these very similar items. Also, this section should consider the intellectual property rights of the third party.
Third-Party AI Systems and Vendor Management:
The Chamber supports the AI Model Bulletin's intent to encourage insurers to include third-party AI considerations in their program governance. As suggested above, we would like to see further consideration for intellectual property rights and alternative strategies for ensuring third-party compliance. Furthermore, we believe further discussions around standards development with all stakeholders regarding developers' and deployers' responsibilities and information sharing is vital.
We appreciate the opportunity to outline our initial concerns with the model bulletin. The comments above provide a non-exhaustive list of changes we believe must be made to the bulletin to allow adequate review from stakeholders and to ensure the proposal is workable.
Sincerely,
Michael Richards
Director
Chamber Technology Engagement Center
U.S. Chamber of Commerce
[1] Materials - Innovation, Cybersecurity, and Technology (H) Committee (naic.org)
[2] Materials - Innovation, Cybersecurity, and Technology (H) Committee (naic.org)
[3] https://www.uschamber.com/assets/documents/CTEC_AICommission2023_Report_v6.pdf
[4] https://americaninnovators.com/advocacy/letter-to-senators-hickenlooper-and-blackburn-on-trustworthy-ai/
[5] https://airc.nist.gov/AI_RMF_Knowledge_Base/AI_RMF/Core_And_Profiles/6-sec-profile