Tag Archives: Samuel J. Allaman

The NYDFS Plans to Impose Significant Obligations on Insurers Using AI or External Data

by Eric DinalloAvi GesserErez LiebermannMarshal BozzoMatt KellyJohanna SkrzypczykCorey GoldsteinSamuel J. AllamanMichelle Huang, and Sharon Shaji

Photos of the authors

Top (from left to right): Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, and Matt Kelly
Bottom (from left to right): Johanna Skrzypczyk, Corey Goldstein, Samuel J. Allaman, Michelle Huang, and Sharon Shaji (Photos courtesy of Debevoise & Plimpton LLP)

On January 17, 2024, the New York State Department of Financial Services (the “NYDFS”) issued a Proposed Insurance Circular Letter regarding the Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing (the “Proposed Circular” or “PCL”). The Proposed Circular is the latest regulatory development in artificial intelligence (“AI”) for insurers, following the final adoption of Colorado’s AI Governance and Risk Management Framework Regulation (“CO Governance Regulation”) and the proposed Colorado AI Quantitative Testing Regulation (the “CO Proposed Testing Regulation”), discussed here, and the National Association of Insurance Commissioners’ (“NAIC”) model bulletin on the “Use of Artificial Intelligence Systems by Insurers” (the “NAIC Model Bulletin”), discussed here. In the same way that NYDFS’s Part 500 Cybersecurity Regulation influenced standards for cybersecurity beyond New York State and beyond the financial sector, it is possible that the Proposed Circular will have a significant impact on the AI regulatory landscape.

The PCL builds on the NYDFS’s 2019 Insurance Circular Letter No. 1 (the “2019 Letter”) and includes some clarifying points on the 2019 Letter’s disclosure and transparency obligations. The 2019 Letter was limited to the use of external consumer data and information sources (“ECDIS”) for underwriting life insurance and focused on risks of unlawful discrimination that could result from the use of ECDIS and the need for consumer transparency. The Proposed Circular incorporates the general obligations from the 2019 Letter, adding more detailed requirements, expands the scope beyond life insurance, and adds significant governance and documentation requirements.

Continue reading

The EU AI Act – Navigating the EU’s Legislative Labyrinth

by Avi GesserMatt KellyMartha HirstSamuel J. AllamanMelissa Muse, and Samuel Thomson

From left to right: Avi Gesser, Matt Kelly, Martha Hirst, Samuel J. Allaman, and Melissa Muse. Not pictured: Samuel Thomson. (Photos courtesy of Debevoise & Plimpton LLP).

As legislators and regulators around the world are trying to determine how to approach the novel risks and opportunities that AI technologies present, the draft European Union Artificial Intelligence Act (the “EU AI Act” or the “Act”) is a highly anticipated step towards the future of AI regulation. Despite recent challenges in the EU “trilogue negotiations”, proponents still hope to reach a compromise on the key terms by 6th December, with a view to passing the Act in 2024 and most of the provisions becoming effective sometime in 2026.

As one of the few well-progressed AI-specific laws currently in existence, the EU AI Act has generated substantial global attention. Analogous to the influential role played by the EU’s GDPR in shaping the contours of global data privacy laws, the EU AI Act similarly has the potential to influence the worldwide evolution of AI regulation.

This blog post summarizes the complexities of the EU legislative process to explain the current status of, and next steps for, the draft EU AI Act. It also includes steps which businesses may want to start taking now in preparation of incoming AI regulation.

Continue reading

The Final Colorado AI Insurance Regulations: What’s New and How to Prepare

by Avi Gesser, Erez Liebermann, Eric Dinallo, Matt Kelly, Corey Jeremy Goldstein, Stephanie D. Thomas, Samuel J. Allaman, and Basil Fawaz

Photo of authors

Top left to right: Avi Gesser, Erez Liebermann, Eric Dinallo and Matt Kelly
Bottom left to right: Corey Jeremy Goldstein, Stephanie D. Thomas, Samuel J. Allaman and Basil Fawaz
(Photos courtesy of Debevoise & Plimpton LLP)

On September 21, 2023, the Colorado Division of Insurance (the “DOI”) released its Final Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information Sources, Algorithms, and Predictive Models (the “Final Regulation”). As discussed below, the Final Regulation (which becomes effective on November 14, 2023) reflects several small changes from the previous version of the regulation that was released on May 26, 2023 (the “Draft Regulation”). A redline reflecting these changes can be found here.

The most substantive change is the requirement that insurers must remediate any detected unfair discrimination. This change is especially significant in light of the DOI’s release of its draft regulation on Quantitative Testing for Unfairly Discriminatory Outcomes for Algorithms and Predictive Models Used for Life Insurance Underwriting (the “Draft Testing Regulation”) on September 28, 2023, which requires insurers to estimate the race and ethnicity of all proposed insureds that have applied for life insurance coverage and then conduct detailed quantitative testing of models that use external consumer data and information sources (“ECDIS”) for potential bias. The Testing Regulation provides that certain results of that prescribed testing methodology will be deemed to be unfairly discriminatory and thereby require the insurer to “immediately take reasonable steps . . . to remediate the unfairly discriminatory outcome . . .”  We will be writing much more about our concerns over the Draft Testing Regulation in the coming weeks.

In this Blog Post, we discuss the Final Regulation, how it differs from the Draft Regulation, and what companies should be doing now to prepare for compliance.

Continue reading

The Top Eight AI Adoption Failures and How to Avoid Them

by Avi Gesser, Matt Kelly, Samuel J. Allaman, Michelle H. Bao, Anna R. Gressel, Michael Pizzi, Lex Gaillard, and Cameron Sharp

Photos of the authors

Top left to right: Avi Gesser, Matt Kelly, Samuel J. Allaman, and Michelle H. Bao.
Bottom left to right: Anna R. Gressel, Michael Pizzi, Lex Gaillard, and Cameron Sharp.
(Photos courtesy of Debevoise & Plimpton LLP)

Over the past three years, we have observed many companies in a wide range of sectors adopt Artificial Intelligence (“AI”) applications for a host of promising use cases. In some instances, however, those efforts have ended up being less valuable than anticipated—and in a few cases, were abandoned altogether—because certain risks associated with adopting AI were not properly considered or addressed before or during implementation. These risks include issues related to cybersecurity, privacy, contracting, intellectual property, data quality, business continuity, disclosure, and fairness.

In this Debevoise Data Blog post, we examine how the manifestation of these risks can lead to AI adoption “failure” and identify ways companies can mitigate these risks to achieve their goals when implementing AI applications.

Continue reading

The Revised Colorado AI Insurance Regulations: What Was Fixed, and What Still May Need Fixing

by Eric Dinallo, Avi Gesser, Matt Kelly, Samuel J. Allaman, Anna R. Gressel, Melissa Muse, and Stephanie D. Thomas

Photos of the authors

From top left to right: Eric Dinallo, Avi Gesser, Matt Kelly, and Samuel J. Allaman.
From bottom left to right: Anna R. Gressel, Melissa Muse, and Stephanie D. Thomas.
(Photos courtesy of Debevoise & Plimpton LLP)

On May 26, 2023, the Colorado Division of Insurance (the “DOI”) released its Revised Draft Algorithm and Predictive Model Governance Regulation (the “Revised Regulation”), amending its initial draft regulation (the “Initial Regulation”), which was released on February 1, 2023. The Revised Regulation imposes requirements on Colorado-licensed life insurance companies that use external consumer data and information sources (“ECDIS”), as well as algorithms and predictive models (“AI models”) that use ECDIS, in insurance practices. The Revised Regulation comes after months of active engagement between the DOI and industry stakeholders. In this Debevoise In Depth, we discuss the Revised Regulation, how it differs from the Initial Regulation, what additional changes should be considered, and how companies can prepare for compliance.

Continue reading

The Value of Having AI Governance – Lessons from ChatGPT

by Avi Gesser, Suchita Mandavilli Brundage, Samuel J. Allaman, Melissa Muse, and Lex Gaillard

Photos of the authors

From left to right: Avi Gesser, Suchita Mandavilli Brundage, Samuel J. Allaman, Melissa Muse, and Lex Gaillard (photos courtesy of Debevoise & Plimpton LLP)

Last month, we wrote about how many companies were implementing a pilot program for ChatGPT, as a follow up to our article about companies adopting a policy for the work-related uses of generative AI tools like ChatGPT, Bard, and Claude (which we collectively refer to as “Generative AI”). We discussed how a pilot program often involves designating a small group of employees who test potential generative AI use cases, and then make recommendations to a cross-functional AI governance committee that determines (1) which use cases are prohibited and which are permitted, and (2) for the permitted use cases, what restrictions, if any, should apply.

Continue reading