A recent article in 'Insurance Journal' highlights how US insurers are under increasing pressure to evidence how their use of credit data stays within the law.
The leading US trade magazine ‘Insurance Journal’ ran an article on 21st December about fairness in insurance underwriting (read it here). It’s significant in three ways.
Firstly, such articles are rare in the US insurance press. This article and others signal a growing awareness that US insurers need to pay attention to fairness.
Secondly, it confirms that this attention to fairness is building about the use of credit data in underwriting. Insurers like Root have been highlighting in their marketing about their removal of credit data from their pricing models (more here). They have a clear view of what they think is coming.
Thirdly, it highlights legislation passed during 2021 in the US State of Colorado and coming into force in early 2023. The rather prosaically named “Restrict Insurers' Use Of External Consumer Data” Act is centred around the duty of all US insurers to not unfairly discriminate in relation to protected characteristics. That in itself is not new, but what is interesting is the freedom given to the Colorado Insurance Commissioner to set disclosure rules in relation to unfair discrimination.
Here's what the rules require of each insurer with a Colorado licence:
- provide information to the commissioner concerning the external data sources used by the insurer in the development and implementation of algorithms and predictive models for a particular type of insurance and insurance practice;
- provide an explanation of the manner in which the insurer uses external data sources for the particular type of insurance and insurance practice;
- establish and maintain a risk management framework that is reasonably designed to determine, to the extent practicable, whether the insurer's use of external data sources unfairly discriminates against individuals based on their race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression;
- provide an assessment of the results of the risk management framework and actions taken to minimize the risk of unfair discrimination, including ongoing monitoring; and
- provide an attestation by the insurer's chief risk officer that the insurer has implemented the risk management framework appropriately on a continuous basis.
While no mention is made of credit scores, there’s a consensus building that laws like this will be used to put pressure on insurers to remove credit data from their pricing models, whether they like it or not. And the way they’ll do this is by decision transparency.
What this points to
Rules like these are part of a broader social and political trajectory that I sum up as moving from ‘tell me’, to ‘show me’ and now to ‘prove to me’. The Colorado rules move the state’s insurers into the ‘prove to me’ stage. And they place responsibility for this firmly on the insurer’s chief risk officer.
What Colorado insurer CROs will now be faced with is the prospect of reconciling their firm’s use of credit data with the mounting evidence from academics that it is pretty much impossible to use credit data in underwriting without being unfairly discriminatory.
This paper from 2019 by Professor Dan Schwarcz and Associate Professor Anya Prince is an example of this evidence base. Another is this paper by Professor Barbara Kiviat, who is referenced in the ‘Insurance Journal’ article.
Implications for UK insurers
So what does this mean for UK insurers?
At the moment, UK insurers are able to use credit data as they wish, so long as it doesn’t contravene their various obligations under the Financial Services and Markets Act. I know that the regulator talked with Dan Schwarcz about his paper on proxy discrimination. And I suspect they’ll be watching developments like the Colorado Act. However, I’ve seen nothing from them that points to a possible ban on the use of credit data.
What the regulator might be tempted to do though, is to take a similar approach to Colorado. This would require insurers to evidence their internal processes and reporting, to show just how they are managing their handling of credit data in relation to ethical risks like fairness, discrimination and vulnerability.
This is the type of adaptability insurers need to start preparing for, in their plans, systems and monitoring. And it’s a adaptability that should be prepared across all functions: underwriting, claims, counter fraud and marketing.